Cerber Ransomware Linux Variant Exploiting CVE-2023-22518
A critical vulnerability in Atlassian Confluence Data Center and Server, CVE-2023-22518, has been actively exploited by cybercriminals to deploy a Linux variant of the Cerber ransomware. The flaw lets unauthenticated attackers reset a Confluence instance and create administrator accounts, which they then use to execute malicious code and install web shells such as Effluence. The Cerber payloads are heavily obfuscated C++ binaries that run in multiple stages: they connect to command-and-control servers, perform system checks on the host, and encrypt files, appending the .L0CK3D extension. Despite this sophistication, the impact is limited to files owned by the low-privilege 'confluence' user, and there is no evidence of data exfiltration. Organizations are urged to patch vulnerable systems promptly and implement robust security measures to reduce the risk of ransomware attacks.
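A defender-side triage script for the scope point above, added here as an example and not taken from the original article or from any vendor tooling: it walks a Confluence host's data directory, lists files carrying the .L0CK3D extension and attributes each one to its owning account, so an incident responder can confirm that the damage really is confined to the low-privilege 'confluence' user. The directory layout and file names built by make_sample_tree() are constructed, and the 'confluence' account name is assumed from the text.

```python
import os
import pwd
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".L0CK3D"   # extension Cerber appends to files it encrypts


def current_user():
    """Name of the account running this script (used only by the constructed sample)."""
    return pwd.getpwuid(os.getuid()).pw_name


def owner_of(path):
    """Owning account name of a file, falling back to the numeric uid if unknown."""
    uid = path.stat().st_uid
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def triage(root, expected_owner="confluence"):
    """Walk `root`, collect encrypted files and attribute them to their owners.

    `expected_owner` is the service account Confluence runs as (assumed name).
    Any encrypted file owned by a different account means the blast radius is
    wider than the low-privilege scope described above and needs a closer look.
    """
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(ENCRYPTED_EXT):
                p = Path(dirpath) / name
                hits.append((str(p), owner_of(p)))
    hits.sort()
    return {
        "count": len(hits),
        "by_owner": dict(Counter(owner for _, owner in hits)),
        "outside_scope": [p for p, owner in hits if owner != expected_owner],
    }


def make_sample_tree():
    """Constructed sample: a throwaway tree with two encrypted files and one untouched file."""
    base = Path(tempfile.mkdtemp(prefix="cerber-triage-"))
    attachments = base / "confluence-home" / "attachments"
    attachments.mkdir(parents=True)
    (attachments / ("report.pdf" + ENCRYPTED_EXT)).write_text("ciphertext")
    (base / "confluence-home" / "confluence.cfg.xml").write_text("<confluence/>")
    (base / "confluence-home" / ("backup.zip" + ENCRYPTED_EXT)).write_text("ciphertext")
    return base


if __name__ == "__main__":
    print(triage(make_sample_tree(), expected_owner=current_user()))
```

On a real host, point triage() at the Confluence home and installation directories and review anything reported in "outside_scope" before concluding the incident matches the limited impact described.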