Cyber Command alerts US firms of ‘ongoing’ hacks targeting Atlassian enterprise software

The warning comes after a similar advisory from the FBI and the Department of Homeland Security.

U.S. Cyber Command is warning American organizations that hackers are exploiting software flaws in a popular project management tool, an indication that attackers could be preparing for a larger campaign that creates headaches throughout the private sector.

Cyber Command — the Defense Department’s cyber unit — said in a tweet Friday that “mass exploitation” of the issue “is ongoing and expected to accelerate.” The issue exists in Atlassian Confluence, an enterprise application marketed as a means of enabling remote work in corporate environments. Atlassian, an Australian corporation, warned clients on Aug. 25 to update their systems to the latest version of Confluence.

“Please patch immediately if you haven’t already — this cannot wait until after the weekend,” the Cyber Command warning stated.

The message comes after the Department of Homeland Security’s cyber division, along with the FBI, warned firms to be on guard for ransomware attacks ahead of Labor Day, a holiday weekend in the U.S.


The ransomware attack at Colonial Pipeline that resulted in delayed fuel transportation occurred near Mother’s Day in May, and was followed shortly afterward by the breach at the food production corporation JBS, near Memorial Day. Another attack targeting Kaseya, a global IT firm, was timed roughly with Independence Day in the U.S.

“Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable,” Eric Goldstein, executive assistant director for cybersecurity at DHS’ Cybersecurity and Infrastructure Security Agency, said in a statement.

Specific details about the flaw in Atlassian’s Confluence software are sparse. The company said the issue, tracked as CVE-2021-26084, is an “injection vulnerability” that “would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.”

The flaw is rated a 9.8 out of a possible 10 points on the Common Vulnerability Scoring System.
