Summary: Security researchers have identified a coordinated attack exploiting a critical vulnerability in Confluence to deploy LockBit ransomware in under two hours. The attack utilized remote code execution techniques to gain unauthorized access and subsequently install ransomware across networks using both manual and automated methods. The incident highlights significant security risks associated with server-side vulnerabilities and the need for prompt patching and monitoring.
Affected: Confluence and associated network systems
Key points:
- Exploitation of Confluence vulnerability CVE-2023-22527 led to rapid deployment of LockBit ransomware.
- The attacker established persistent access using AnyDesk and executed commands to gather system information.
- Ransomware was distributed manually and automatically using legitimate tools like PDQ Deploy.