Tags
RansomwareMalware
Techniques
Vulnerability exploitation
Incidents
Confluence targeting by C3RB3R
References
https://arcticwolf.com/resources/blog/confluence-cve-2023-22527-leading-to-c3rb3r-ransomware/https://redcanary.com/blog/confluence-exploit-ransomware/
Last edited
May 30, 2024 3:32 PM
Cerber (also known as C3RB3R) ransomware operates as a semi-private Ransomware-as-a-Service (RaaS) and was first detected in 2016. Its activity peaked between 2016 and 2017, followed by periods of inactivity. Since 2020, Cerber has been involved in occasional campaigns with updated payloads that support both Linux and Windows operating systems. In late 2023, Cerber reappeared in new campaigns targeting vulnerable Atlassian Confluence Datacenter and Server products using CVE-2023-22518.