
Atom Silo Group Eyeing Confluence Servers | Cyware Alerts

A new ransomware group has been observed abusing a recently patched vulnerability in Atlassian Confluence Server and Data Center. The group, dubbed Atom Silo, is using the flaw to deploy its ransomware.

What has occurred?

  • The ransomware used by the Atom Silo group is almost identical to that of the LockFile and LockBit ransomware groups.
  • The group is using several novel techniques that make it very difficult to investigate, including DLL side-loading to disrupt endpoint protection.
  • Successful exploitation of CVE-2021-26084 allows unauthenticated attackers to execute remote commands on unpatched Confluence servers.

Technical insights

The attackers successfully used a three-week-old vulnerability for their initial compromise.
  • Ransomware payloads spread by Atom Silo used a malicious kernel driver to evade detection by disrupting endpoint protection solutions.
  • Additionally, the attackers have been observed using built-in and native Windows tools, along with resources, to move further within the network until they deploy the ransomware.

Conclusion

Discovered recently, Atom Silo is already showing a lot of potential with its techniques and capabilities to go after enterprise products such as Confluence servers. If not acted against now, it may become even more challenging for organizations to stay protected from this threat.
