Adversaries may leverage Confluence repositories to mine valuable information. Often found in development environments alongside Atlassian JIRA, Confluence is generally used to store development-related documentation; however, it may also contain more diverse categories of useful information, such as:
- Policies, procedures, and standards
- Physical / logical network diagrams
- System architecture diagrams
- Technical system documentation
- Testing / development credentials
- Work / project schedules
- Source code snippets
- Links to network shares and other internal resources

LAPSUS$ has searched a victim’s network for collaboration platforms like Confluence and JIRA to discover further high-privilege account credentials.

Consider periodic review of accounts and privileges for critical and sensitive Confluence repositories.

User Account Management: Enforce the principle of least-privilege. Consider implementing access control mechanisms that include both authentication and authorization.

Develop and publish policies that define acceptable information to be stored in Confluence repositories.
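
One way to carry out the periodic account and privilege review described above, as an added example (not part of the original page or of any Atlassian tooling). The record layout, the group names and the 90-day staleness threshold are assumptions, and the sample data is constructed.

```python
from datetime import date

# Constructed sample data; this layout is hypothetical, not a Confluence export format.
ACCOUNTS = {
    "alice":   {"active": True,  "last_login": date(2024, 5, 28)},
    "bob":     {"active": False, "last_login": date(2023, 1, 10)},
    "svc-doc": {"active": True,  "last_login": date(2023, 9, 2)},
}
BROAD_GROUPS = {"confluence-users", "all-staff"}  # assumed organisation-wide groups
SPACES = [
    {"key": "NETOPS", "sensitive": True, "grants": [
        ("anonymous", None, "view"),
        ("group", "confluence-users", "view"),
        ("user", "bob", "admin"),
        ("user", "alice", "admin"),
    ]},
    {"key": "HANDBOOK", "sensitive": False, "grants": [
        ("group", "all-staff", "view"),
        ("user", "svc-doc", "edit"),
    ]},
]

def account_issue(name, accounts, today, stale_days):
    """Return why a per-user grant needs review, or None if the account looks healthy."""
    acct = accounts.get(name)
    if acct is None:
        return "grant to unknown account"
    if not acct["active"]:
        return "grant to disabled account"
    if (today - acct["last_login"]).days > stale_days:
        return "grant to stale account"
    return None

def review(spaces, accounts, today, stale_days=90):
    """Return sorted (space, subject, reason) findings for the review."""
    findings = set()
    for space in spaces:
        for kind, name, _perm in space["grants"]:
            reason = None
            if kind == "anonymous" and space["sensitive"]:
                reason = "anonymous access to sensitive space"
            elif kind == "group" and space["sensitive"] and name in BROAD_GROUPS:
                reason = "organisation-wide group on sensitive space"
            elif kind == "user":
                reason = account_issue(name, accounts, today, stale_days)
            if reason:
                findings.add((space["key"], name or kind, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SPACES, ACCOUNTS, today=date(2024, 6, 1)):
        print(*finding, sep=" | ")
```

Stale and disabled accounts are flagged in every space, not only sensitive ones, because a dormant account with any Confluence access is a candidate for removal under least privilege.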