Thursday, October 12, 2023

Atlassian hit by Chinese state-linked hackers

 More scams arriving from foreign soil:

Via mobiles numbers such as +61 472 709 929

It is time for telcos to be more pro active as the damage done by various Nigerian and other scams is hard to calculate in terms of time lost and emotional costs…

Never ever click on SMS with links such as “Urgent Notice: Your Medicare information requires updating. Visit to update your records.”

Search for Services Australia on the web for warnings such as

Scammers are pretending to be from Medicare. They may contact you by text message, saying your Medicare card has expired. They'll ask you to click on a link and update your details.

The $500 million ATO fraud highlights flaws in the myGov ID system. Here’s how to keep your data safe

Atlassian hit by Chinese state-linked hackers

Nick Bonyhady
Nick BonyhadyTechnology writer

Microsoft has accused Chinese state-linked hackers of exploiting a critical security hole in software from Australian technology giant Atlassian to break into customers’ systems.

Atlassian has given the security flaw in its Confluence software, which is a tool that businesses use to centralise information, the highest possible severity rating because it can be exploited anonymously and remotely.

Microsoft has accused hackers linked to the Chinese state of exploiting a hole in Atlassian software. Jamie Brown

“We have evidence to suggest that a known nation-state actor is actively exploiting [the vulnerability],” Atlassian told its customers on Wednesday.

Microsoft’s cybersecurity division said it had detected a “nation-state threat actor” variously known as Storm-0062, DarkShadow or Oro0lxy exploiting the vulnerability as long ago as September 14.

Microsoft has previously identified that group as being based in China and linked to the national government. While Atlassian would not name a suspect country, it has emphasised that it is working closely with Microsoft.

Hackers routinely target companies like Atlassian that make widely used software because it gives them access to many other companies that can subsequently be targeted for industrial espionage, state intelligence or ransomware.

The Australian government has been working to bolster the country’s cybersecurity in the wake of the Optus and Medibank hacks last year, appointing a new co-ordinator for the issue.

But security issues like the Confluence flaw, known as a “zero-day” vulnerability, are notoriously difficult to tackle because they are unknown until exploited.

How it works

The security hole, which Atlassian first reported on October 4, allows hackers to access Confluence systems and create administrator accounts.

That could either let them access sensitive information which is held in Confluence itself or, if the system has details of the victim’s wider IT setup, execute further hacks.

The version of Confluence that runs in Atlassian’s cloud is not affected. The company has urged customers running older versions of Confluence on their own systems to immediately upgrade to later versions that do not have the vulnerability.

The Chinese Embassy in Canberra did not immediately reply to a request for comment, but the Chinese government has long denied it has any role in hacking overseas.

An Atlassian spokeswoman said it encouraged customers to share evidence of any compromised systems to support its response.

“Our priority is the security of our customers’ instances during this critical vulnerability, and we are collaborating with industry-leading threat intelligence partners, such as Microsoft, to obtain additional information that may assist customers with responding to the vulnerability,” the spokeswoman said.

But Atlassian has also said it cannot confirm if a customer’s Confluence system has been hacked, instead urging them to look for clues that it might have happened.

“If any evidence is found, you should assume that your instance has been compromised and evaluate the risk of flow-on effects,” Atlassian’s advice to customers reads.

If hackers have got into a Confluence system, Atlassian says, they can “perform any number of unfettered actions” including stealing content, system credentials and installing smaller pieces of malicious code called plug-ins.

Nick Bonyhady is a technology writer for the Australian Financial Review, based in Sydney. He is a former technology editor, industrial relations and politics reporter at the Sydney Morning Herald and Age.Connect with Nick on Twitter. Email Nick at