Microsoft identifies "Oro0lxy" as Confluence attacker

By

Atlassian vulnerability exploit attributed to Chinese hacker.

A bug in Atlassian’s Confluence data centre and server software is under attack, allegedly from threat actors in China.

Microsoft identifies "Oro0lxy" as Confluence attacker

Atlassian disclosed the zero-day vulnerability, CVE-2023-22515, last week, saying a small number of customers had suffered exploitation.

Now, in a series of messages posted to X (formerly Twitter), Microsoft said it had identified attack traffic it attributes to a threat actor dubbed Storm-0062, beginning on September 14.

Microsoft sourced the attacks to the following four IP addresses: 192.69.90.31, 104.128.89.92, 23.105.208.154, and 199.193.127.231.

“Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application,” the company added.

Microsoft noted that “Storm-0062 is tracked by others as DarkShadow or Oro0lxy.”

While Microsoft didn’t specifically identify China in its messages, Oro0lxy is an alias used by Li Xiaoyu, a Chinese national the US Department of Justice (DoJ) accused of hacking on behalf of China’s Ministry of State Security in a June 2020 indictment [pdf].

The DoJ said Xiaoyu and Dong Jiazhi were prolific hackers who breached hundreds of companies in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom over a 10-year period.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?