25% off all training courses Offer ends May 8, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 8, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Atlassian Confluence Data Center and Server Vulnerability Actively Exploited by Chinese APT Actor

Posted By on Oct 12, 2023

Microsoft has issued a security alert warning that a Chinese Advanced Persistent Threat (APT) Group has been exploiting a zero-day vulnerability in Atlassian Confluence Data Center and Server products.

The vulnerability, CVE-2023-22515, is a critical privilege escalation vulnerability caused by broken access controls. The vulnerability has a maximum CVSS severity score of 10 and can be exploited by any device with a network connection to a vulnerable application. Successful exploitation of the vulnerability allows unauthorized individuals to create Confluence administrator accounts and access Confluence instances.

Atlassian issued a security advisory about the vulnerability on October 4, 2023, and released patches to fix the flaw. Fixed versions are 8.3.3 or later, 8.4.3 or later, and 8.5.2 or later. The vulnerability does not affect Atlassian Cloud sites. Microsoft said it has observed the Chinese APT group Storm-0062 (aka DarkShadow/Oro0lxy) exploiting the flaw since September 14, 2023, and identified four malicious IP addresses sending exploit traffic: 192.69.90[.]31 104.128.89[.]92 23.105.208[.]154 199.193.127[.]231. The extent to which the vulnerability has been exploited has not been disclosed, although Atlassian said earlier this month that a handful of customers had been targeted.

Atlassian and Microsoft say urgent action is required to prevent the vulnerability from being exploited and warn that publicly accessible Confluence Data Center and Server instances are at critical risk. Customers should ensure they upgrade their instances to a fixed version and should conduct comprehensive threat detection. After updating their instances, customers should search for unexpected members of the confluence-administrators group, unexpected newly created user accounts, requests to /setup/*.action in network access logs, and look for the presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist