Atlassian Confluence Exploits Peak at 100K Daily

Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.

Dark Reading Staff, Dark Reading

June 28, 2022

1 Min Read
Concept art depicting malware as a shadowy skull superimposed on code displayed on a monitor
Source: Marcos Alvarado via Alamy

Since it was first identified on June 2, the Atlassian Confluence remote code-execution (RCE) vulnerability tracked as CVE-2022-26134 has attracted the repeated attention of threat actors. Now, after peaking at up to 100,000 attack attempts daily on targets, cyberattackers have settled at a steady rate of 20,000 malware injection shots per day, launched from around 6,000 IPs.

Researchers at Akamai observed that attacks on the Atlassian Confluence bug are mainly focused in the commerce, high tech, and financial services sectors, and range from probing to malware injection in hopes of installing cryptominers and Web shells.

"What is particularly concerning is how much of a shift upward this attack type has garnered over the last several weeks," a Tuesday Akamai report on the Atlassian Confluence vulnerability said. "As we have seen with similar vulnerabilities, this CVE-2022-26134 [bug] will likely continue to be exploited for at least the next couple of years."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights