
Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

Trend Micro researchers have identified a new attack vector exploiting CVE-2023-22527 in older versions of Atlassian Confluence Data Center and Server. The attack deploys an in-memory, fileless backdoor known as the Godzilla webshell, which uses AES encryption for communication and remains memory-resident to evade disk-based detection. The vulnerability allows unauthenticated attackers to perform remote code execution. The attack chain involves exploiting the vulnerability, loading a loader onto the victim server, and activating the Godzilla webshell. This sophisticated Chinese-language backdoor poses significant challenges for legacy anti-virus solutions, highlighting the importance of regular server patching and advanced security measures.

OPENCTI LABELS:

remote code execution, cve-2023-22527, atlassian confluence, godzilla, aes encryption, fileless backdoor, in-memory

