{"id":208558,"date":"2022-06-18T02:49:07","date_gmt":"2022-06-18T04:49:07","guid":{"rendered":"https:\/\/teknomers.com\/fr\/atlassian-confluence-flaw-utilise-pour-deployer-des-ransomwares-et-des-crypto-mineurs\/"},"modified":"2022-06-18T02:49:08","modified_gmt":"2022-06-18T04:49:08","slug":"atlassian-confluence-flaw-utilise-pour-deployer-des-ransomwares-et-des-crypto-mineurs","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/atlassian-confluence-flaw-utilise-pour-deployer-des-ransomwares-et-des-crypto-mineurs\/","title":{"rendered":"Atlassian Confluence Flaw Used to Deploy Ransomware and Crypto Miners"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads.<\/p>\n<p>In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a <a rel=\"nofollow noopener\" href=\"https:\/\/blog.checkpoint.com\/2022\/06\/09\/crypto-miners-leveraging-atlassian-zero-day-vulnerability\/\" target=\"_blank\">crypto miner<\/a> called z0miner on victim networks.<\/p>\n<p>The bug (<a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-26134\" target=\"_blank\">CVE-2022-26134<\/a>, CVSS score: 9.8), patched by Atlassian on June 3, 2022, enables an unauthenticated actor to inject malicious code that paves the way for remote code execution (RCE) on affected installations of the collaboration suite. 
All supported versions of Confluence Server and Data Center are affected.<\/p>\n<p>Other notable malware pushed as part of disparate instances of attack activity includes Mirai and Kinsing bot variants, a rogue package called pwnkit, and Cobalt Strike by way of a web shell deployed after gaining a foothold in the compromised system.<\/p>\n<p>&#8220;The vulnerability, CVE-2022-26134, allows an attacker to spawn a remotely accessible shell, in memory, without writing anything to the server&#8217;s local storage,&#8221; Andrew Brandt, principal security researcher at Sophos, <a rel=\"nofollow noopener\" href=\"https:\/\/news.sophos.com\/en-us\/2022\/06\/16\/confluence-exploits-used-to-drop-ransomware-on-vulnerable-servers\/\" target=\"_blank\">said<\/a>.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"Ransomware and crypto miners\" border=\"0\" data-original-height=\"89\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/06\/1655527747_631_Atlassian-Confluence-Flaw-utilise-pour-deployer-des-ransomwares-et-des.jpg\" title=\"Ransomware and crypto miners\" \/><\/div>\n<p>The disclosure overlaps with similar warnings from Microsoft, which <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1535417776290111489\" target=\"_blank\">revealed<\/a> last week that &#8220;multiple adversaries and nation-state actors, including <a rel=\"nofollow noopener\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/05\/09\/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself\/#DEV-0401\" target=\"_blank\">DEV-0401<\/a> and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134.&#8221;<\/p>\n<p>DEV-0401, described by Microsoft as a &#8220;China-based lone wolf turned LockBit 2.0 affiliate,&#8221; has also previously been linked to ransomware deployments targeting internet-facing systems running VMWare Horizon (Log4Shell), Confluence (CVE-2021-26084), and on-premises Exchange servers (ProxyShell).<\/p>\n<p>The development is emblematic of an ongoing trend in which threat actors increasingly capitalize on newly disclosed critical vulnerabilities rather than exploiting dated, publicly known software flaws across a broad spectrum of targets.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/06\/atlassian-confluence-flaw-being-used-to.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":208559,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[54518,4168,35371,79695,4158,4165,4161,9886,133,53445,4157,4159,4171,4170,4167,4160,4163,4162,185,63091,4172,4169,1282,4166,4164],"class_list":["post-208558","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-atlassian","tag-comment-pirater","tag-confluence","tag-cryptomineurs","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-deployer","tag-des","tag-flaw","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pour","tag-ransomwares","tag-securite-informatique","tag-securite-internet","tag-utilise","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/208558","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=20855
8"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/208558\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/208559"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=208558"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=208558"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=208558"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}