<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=203622165740907&amp;ev=PageView&amp;noscript=1">
Skip to content
Stu LeesJun 18, 2024 10:39:46 PM2 min read

Hacker Attempts to Sell Jira Zero-Day Exploit on the Dark Web for 15m

Hacker Attempts to Sell Jira Zero-Day Exploit on the Dark Web for $15m

It was reported today (June 18th, 2024) that a new Zero-Day RCE Exploit for Atlassian Jira has been put on sale on the dark web.  

Threat Mon Atlassian Zero Day

About 

A Zero-Day RCE exploit is a cyberattack vector that takes advantage of an unknown or unaddressed security flaw in computer software, hardware or firmware. "Zero day" refers to the fact that the software or device vendor has zero days to fix the flaw because malicious actors can already use it to access vulnerable systems.  More info on IBM website

 

Exploit Details

The exploit announced that target’s Atlassian’s Jira is alleged to work on the latest version of Jira Desktop without requiring any login credentials.  Additionally, it is compatible with Okta Single-Sign-On (SSO) making it even more attractive to bad actors who might want to buy the exploit and use it.

Our own security industry contacts have anecdotally mentioned to us that the amount that the exploit is being shopped around for (in crypto currency) is an unusually high amount of $15 million USD equivalent.   

 

Official Atlassian Security Bulletin

At the time of writing this post (and we will monitor and update) we are not sure if this exploit is listed in the latest Atlassian Security Bulletin (click here), but some CVE’s are listed that look similar.

What Does This Attack Mean for Atlassian?


By its nature, this exploit looks very dangerous for those who are impacted.  The usual strategy of multiple layers of digital defense apply to those exposed and it’s strongly recommended that security professionals and Jira Admins take a moment to review and double check your existing data protection and resilience controls such as security policies, network firewalls and infrastructure patches and updates. 

 

"In Cloud, the responsibility for protecting your data is shared between you, Atlassian, and the companies who build and operate any Marketplace apps you use. In this whitepaper, learn about how we’ve optimized the Atlassian Platform with data protection capabilities in each layer to provide maximum protection, and how we’re empowering Marketplace partners to protect your data when you install apps."

Atlassian Cloud Protection Whitepaper

As always, we recommend that the data and configuration of your site is further protected by providing a logical ‘air gap’ between your business applications (in this case Jira) and your data backups in order to allow a compromised system to be completely restored.

What about Cloud?

As it is appears to be limited to on-premise Atlassian software only, cloud customers can breathe a sigh of relief this time.  But as I’m writing this, I am thinking back to the very informative workshop that I had with expert security advisors (Antonio and Gabriele) where two scary topics topics were explored;

 

Conclusion

This incident is yet another reminder that information security and resilience needs to be at the front of mind no matter where your information systems reside as there are numerous bad actors out there making a flourishing career out of finding, exposing and selling security flaws.



 

Disclaimer and References

This is a opinion piece article only and information provided is based on the following sources;

https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html

https://dailydarkweb.net/zero-day-rce-exploit-for-atlassian-jira-for-sale/

https://www.ibm.com/topics/zero-da

https://x.com/MonThreat/status/1802612486144749798

https://www.ibm.com/topics/zero-day

 

 


 

 

avatar

Stu Lees

Stu is the VP of Marketing and Partnerships at Revyz Inc. With a career spanning over 25 years in IT, Stu runs the global marketing and partnership teams for the Revyz business and is based in Auckland, New Zealand. Stu has worked in a wide variety of arenas that include 15 years in senior leadership roles in enterprise IT as well as running his own technology integration company from 2006-2013. Stu is involved as a leader in the Auckland Atlassian ACE group and speaks frequently in webinars on both cyber security and marketing.