On November 10, 2023, the Newsroom reported a cyber attack on Atlassian Confluence servers involving a malware backdoor called “Effluence.” The backdoor gives attackers remote access to the system, and patching Confluence does not remove it. The attack involved exploiting two critical vulnerabilities, resulting in unauthorized access and loss of confidentiality, integrity, and availability. It included a novel web shell that grants persistent remote access to the server. A loader component, posing as a Confluence plugin, is responsible for decrypting and launching the payload.