
🚨Confluence servers are being targeted by the new Atom Silo ransomware 🚨

  • 6 October 2021

A new ransomware operator uses stealthy techniques but borrows heavily from other players. Sophos' MTR Rapid Response team recently investigated a ransomware attack by a newly emerged threat actor group called Atom Silo. The sophisticated attack, which took place over two days, was made possible by earlier initial access that leveraged a recently revealed vulnerability in Atlassian's Confluence collaboration software. While the ransomware itself is virtually identical to LockFile, the intrusion that enabled the attack used several novel techniques that made it extremely difficult to investigate, including the side-loading of malicious dynamic-link libraries tailored to disrupt endpoint protection software.

