Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

Key Takeaways The DFIR Report Services Table of Contents: Case Summary In late June 2024, an unpatched Confluence server was compromised via CVE-2023-22527, a template injection vulnerability, first from IP address 45.227.254[.]124, which just ran whoami and exited. Shortly thereafter, a different IP address used the same exploit, running curl to deploy a Metasploit payload […] The post Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware appeared first on The DFIR Report .

Key Takeaways The DFIR Report Services Table of Contents: Case Summary In late June 2024, an unpatched Confluence server was compromised via CVE-2023-22527, a template injection vulnerability, first from IP address 45.227.254[.]124, which just ran whoami and exited. Shortly thereafter, a different IP address used the same exploit, running curl to deploy a Metasploit payload […] The post Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware appeared first on The DFIR Report . Key Takeaways The DFIR Report Services Table of Contents: Case Summary In late June 2024, an unpatched Confluence server was compromised via CVE-2023-22527, a template injection vulnerability, first from IP address 45.227.254[.]124, which just ran whoami and exited. Shortly thereafter, a different IP address used the same exploit, running curl to deploy a Metasploit payload […] The post Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware appeared first on The DFIR Report .