SophosLabs: Atom Silo uses Confluence exploit and DLL side-loading to attack. The ransomware group side-loaded malicious dynamic-link libraries tailored to disrupt endpoint protection software.
Atom Silo, a new ransomware group, uses a Confluence exploit and DLL side-loading for stealthy attacks. The group was discovered by SophosLabs cybersecurity experts. It targets a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy its ransomware payloads. The attacks build on initial access gained earlier through a vulnerability in Atlassian’s Confluence collaboration software. While the ransomware itself is virtually identical to LockFile, the intrusion made use of several novel techniques that made it difficult to investigate, including the side-loading of malicious dynamic-link libraries tailored to disrupt endpoint protection software.