Nation-State Threat Actor Storm-0062 Exploiting Confluence Zero-Day Vulnerability — Microsoft’s Detection and Atlassian’s Response

Microsoft recently made a troubling discovery when it detected the presence of the nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, actively exploiting a significant vulnerability called CVE-2023-22515 in the wild. This alarming development has raised serious concerns within the cybersecurity community since the attacks have been ongoing since September 14, 2023. In this article, we will delve into the details of this exploit and shed light on Atlassian’s response to ensure the safety of Confluence Data Center and Server instances.

Description of vulnerability

The vulnerability in question, CVE-2023-22515, has gained significant attention as it was publicly disclosed on October 4, 2023. This particular vulnerability is a Confluence zero-day, meaning that it was previously unknown and has not yet been patched by its developers. Atlassian, the company behind Confluence, has launched an investigation following reports from a few customers who have experienced potential exploitation. The vulnerability allows unauthorized access to publicly accessible Confluence Data Center and Server instances, enabling the creation of unapproved administrator accounts.

Active exploitation reports

Reports from Netlas, a well-known cybersecurity firm, have revealed that the vulnerability has been actively exploited in real-world scenarios. This information highlights the urgency of the situation and the critical need to address the Confluence zero-day vulnerability promptly. Further examination of the exploit traffic has led to the identification of four IP addresses linked to the transmission of the malicious code.

1. 192.69.90.31
2. 23.105.208.154
3. 199.193.127.231

Severity of vulnerability

Atlassian has classified the CVE-2023-22515 vulnerability as critical, indicating its potential for significant harm and widespread damage. The severity of the vulnerability is emphasized by its Common Vulnerability Scoring System (CVSS) score of 10, which is the highest possible score based on Atlassian’s severity levels. This rating underscores the urgent need for users to take immediate action to protect their systems and prevent unauthorized access.

To ensure users are informed and able to safeguard their Confluence installations, it is crucial to understand which versions are affected by the CVE-2023-22515 vulnerability. The following versions of Confluence Data Center and Confluence Server are known to be vulnerable to exploitation:

– Confluence Data Center: 8.0.0, 8.5.0, 8.5.1
– Confluence Server: 8.0.0, 8.5.0, 8.5.1

Thankfully, Atlassian has acted swiftly to address this security concern. The company has released updates and patches to fix the CVE-2023-22515 vulnerability. Users are advised to update their Confluence installations to the following fixed versions:

– Confluence Data Center: 8.3.3 or later, or 8.5.2 (Long-Term Support release) or later.
– Confluence Server: 8.3.3 or later, or 8.5.2 (Long-Term Support release) or later.

Confirmation of issue reproduction

The seriousness of the vulnerability has been further validated by the PT Swarm team, who successfully managed to reproduce the issue. This confirmation underscores the critical nature of the exploit and calls for immediate action from Confluence users to safeguard their systems.

The nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, exploits the Confluence zero-day vulnerability CVE-2023-22515, which has raised significant concerns within the cybersecurity community. Microsoft’s detection of ongoing attacks highlights the urgent need to promptly address this vulnerability. Atlassian, the developer of Confluence, has responded to the situation by investigating the potential exploitation and urging users to update their installations to the fixed versions. It is essential for users to stay vigilant, apply necessary updates, and follow best practices to mitigate the risks associated with this exploit. By doing so, we can safeguard our systems and protect against unauthorized access and potential harm.

Explore more

Compliance Drives Regulated B2B Influencer Marketing in 2026

The shifting landscape of digital authority has fundamentally transformed how enterprise-level organizations engage with industry experts and thought leaders across global markets. As the professional world moves deeper into this period of technological saturation, the superficial tactics of the past have been replaced by a rigorous commitment to transparency and legal precision. In earlier years, the simple inclusion of a

Transforming Voice of the Customer Into Predictive Action

Corporate boardrooms often overflow with real-time dashboards and complex analytics, yet many organizations still find themselves blindsided by sudden shifts in customer loyalty and market demand. While the technology to capture feedback has become ubiquitous, the structural ability to interpret and act upon that data in a meaningful timeframe remains remarkably rare for the average enterprise. Most traditional systems are

How Will Databricks CustomerLake Redefine Agentic Marketing?

The ongoing evolution of the digital landscape has forced a radical reconsideration of how enterprises capture, process, and ultimately utilize the vast oceans of consumer data generated every second of the day. Modern marketing departments have long struggled with the paradox of having too much information but not enough actionable insight to drive meaningful consumer interactions in real time. The

How Can Small Banks Compete With Global Financial Giants?

Nikolai Braiden has seen the evolution of financial architecture from its early blockchain roots to the current wave of institutional modernization, and today he joins us to dissect a pivotal shift in venture capital. With BankTech Ventures recently deploying $15 million into AI and stablecoin solutions, the landscape for regional banking is undergoing a profound transformation. Braiden’s perspective as an

Bullski Presale Tops the List of Best Meme Coins for 2026

The current cryptocurrency market in 2026 has transitioned into a highly sophisticated arena where institutional standards and community-driven viral momentum converge to create unique financial opportunities. Investors are no longer satisfied with speculative assets lacking fundamental safeguards, leading to a significant shift toward projects that prioritize technical transparency and structured growth. In this evolving landscape, the Bullski presale has emerged