Atlassian Under Siege From Chinese Hackers, Microsoft Discovers

Microsoft Corp MSFT raised an alarm over a critical vulnerability in Atlassian Corp TEAM software being exploited by Chinese state-backed hackers.

The tech giant's threat intelligence team detected the intrusion, identifying the culprits as a nation-state threat actor dubbed Storm-0062, previously linked to China, as per the company tweet.

Earlier this year, Microsoft admitted a series of technical errors, including the hacking of one of its engineers, resulted in the Chinese government gaining access to the emails of high-ranking officials in the Biden administration. 

Also Read: Microsoft Blames Chinese Hackers for Spying on Critical American Infrastructure and Guam

Storm-0062 exploited a flaw in the Atlassian Confluence Data Center and Server, a popular collaborative wiki system utilized globally. The exploitation of this vulnerability tracked as CVE-2023-22515 began on Sept. 14, three weeks before Atlassian disclosed it to the public on Oct. 4, TechCrunch reported.

The vulnerability was rated at a maximum of 10.0, indicating its critical nature. It allowed remote attackers to create unauthorized administrator accounts, granting them access to Confluence servers. Atlassian, while confirming the exploitation by a known nation-state actor, had not directly linked the activity to China.

Ana Keltchina, a spokesperson for Atlassian, emphasized the company's commitment to customer security during this vulnerability. Collaborative efforts with Microsoft are underway to gather more information and assist customers in responding to the security threat. 

Atlassian released a patch to address the flaw, specifically impacting on-premises Confluence Data Center and Server instances. Users need to upgrade their systems immediately to mitigate the risk of exploitation. 

The incident came as the U.S. and China are already battling intensifying geopolitical tensions.

Price Action: TEAM shares traded lower by 2.39% at $201.07 at last check Wednesday.

Read Next: RISC-V Vs. ARM: How US-China Tech Tensions Could Redefine Chip Innovation

Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.

© 2023 Benzinga does not provide investment advice. All rights reserved.

Login or create a forever free account to read this news