
Cybercrime: Atom Silo uses Confluence exploit, DLL side-load to attack

SophosLabs: Atom Silo uses Confluence exploit, DLL side-load to attack. The ransomware group side-loaded malicious dynamic-link libraries tailored to disrupt endpoint protection software

Atom Silo, a new ransomware group, uses a Confluence exploit and DLL side-loading for stealthy attacks, SophosLabs cybersecurity experts have discovered. The group targets a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy its ransomware payloads. The attacks build on initial access gained earlier by leveraging a vulnerability in Atlassian’s Confluence collaboration software. While the ransomware itself is virtually identical to LockFile, the intrusion made use of several novel techniques that made it difficult to investigate, including the side-loading of malicious dynamic-link libraries tailored to disrupt endpoint protection software.

 
