The U.S. Department of Education and Federal Student Aid have been monitoring nation-state actors that are targeting research institutions and actively exploiting a vulnerability in Atlassian’s Confluence Data Center and Server (CVE-2023-22515). The attackers create unauthorized Confluence administrator accounts, access Confluence instances, and exfiltrate data.
Action Required
- Check: See if your Confluence Data Center and Confluence Server version is affected by this vulnerability on the CVE-2023-22515 advisory page.
- Upgrade your instance: Employ the latest updates for Confluence Data Center and Server instances to mitigate the vulnerability.
- Conduct comprehensive threat detection: Utilize threat detection measures to identify any potential breaches or unauthorized access.
Publicly accessible Confluence Data Center and Server versions are at critical risk and require immediate attention. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more information and detailed instructions on how to secure your Confluence instance, visit Atlassian’s CVE-2023-22515 advisory page.
Actions to take today to mitigate cyber threats:
- Regularly patch and update software and applications to their latest versions and conduct regular vulnerability assessments. To request free Cybersecurity & Infrastructure Security Agency (CISA) Vulnerability Scanning, please see https://www.cisa.gov/resources-tools/services/cisa-vulnerability-scanning.
- Implement Multi-Factor Authentication (MFA), especially for privileged users like system administrators, IT personnel, and users with access to sensitive information.
- Test and maintain data backups.
- Create and test your Incident Response Plan.
- Train your organization’s staff in Cybersecurity defense.
If you suspect a breach or have any questions regarding the information provided in this announcement, or to sign up for our Quarterly Cybersecurity newsletter, please contact FSASchoolCyberSafety@ed.gov.