Zero-Day Exploitation of Atlassian Confluence
ID: e0d657a1-c508-5f57-afec-1ee4ba8a11f9
STIX ID: report--e0d657a1-c508-5f57-afec-1ee4ba8a11f9
Feed Name: Volexity Blog
Volexity investigated active exploitation of a zero-day remote code execution vulnerability in Atlassian Confluence (CVE-2022-26134) and identified an in-memory BEHINDER implant and disk-based webshells (China Chopper and a custom upload shell). The report recovers attacker commands and IOCs (file hashes and multiple IPs), provides forensic analysis and detection guidance, and recommends immediate patching and mitigation steps.
