Government

Cyber Command alerts US firms of ‘ongoing’ hacks targeting Atlassian enterprise software

The warning comes after a similar advisory from the FBI and the Department of Homeland Security.

September 3, 2021

The head office of Australian tech firm Atlassian, which makes Confluence software that's now the subject of hackers' interest. (WILLIAM WEST/AFP via Getty Images)

U.S. Cyber Command is warning American organizations that hackers are exploiting software flaws in a popular project management tool, an indication that attackers could be preparing for a larger campaign that creates headaches throughout the private sector.

Cyber Command — the Defense Department’s cyber unit — said in a tweet Friday that “mass exploitation” of the issue “is ongoing and expected to accelerate.” The issue exists in Atlassian Confluence, an enterprise application marketed as a means of enabling remote work in corporate environments. Atlassian, an Australian corporation, warned clients on Aug. 25 to update their systems to the latest version of Confluence.

“Please patch immediately if you haven’t already — this cannot wait until after the weekend,” the Cyber Command warning stated.

The message comes after the Department of Homeland Security’s cyber division, along with the FBI, warned firms to be on guard for ransomware attacks ahead of Labor Day, a holiday weekend in the U.S.

The ransomware attack at Colonial Pipeline that resulted in delayed fuel transportation occurred near Mother’s Day in May, followed shortly after by the breach at the food production corporation JBS, near Memorial Day. Another attack targeting Kaseya, a global IT firm, was timed roughly with Independence Day in the U.S.

“Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable,” Eric Goldstein, executive assistant director for cybersecurity at DHS’ Cybersecurity and Infrastructure Security Agency, said in a statement.

Specific details about the flaw in Atlassian’s Confluence software are sparse. The company said the issue, categorized as CVE-2021-26084, is an “injection vulnerability” that “would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.”

The flaw is rated a 9.8 out of a possible 10 points on the Common Vulnerability Scoring System.

Cyber Command alerts US firms of ‘ongoing’ hacks targeting Atlassian enterprise software

More Like This

FBI director warns of China’s preparations for disruptive infrastructure attacks

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

Ex-White House cyber official says ransomware payment ban is a ways off

Top Stories

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

CISA releases 2024 priorities for the Joint Cyber Defense Collaborative

Multiple nation-state hackers infiltrate single aviation organization

Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not.

Iranian hackers use Log4Shell to mine crypto on federal computer system

FBI warns agricultural sector of heightened risk of ransomware attacks

The long, bumpy road to cyber incident reporting legislation — and the one still ahead

Major cyber incident reporting requirement, CISA budget hike on precipice of becoming law

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics