Atlassian organization admin added
Description
AlphaSOC detected that a new administrator was added to an Atlassian organization. This action grants a user elevated access to Atlassian products and services, and may indicate potential compromise of administrative credentials.
Impact
By adding an unauthorized administrator to an Atlassian organization, threat actors can potentially manipulate data, access sensitive information, modify configurations, or perform other malicious actions within Atlassian products such as Jira and Confluence.
Severity
| Severity | Condition |
|---|---|
Low | Atlassian organization admin added |
Investigation and Remediation
Review the Atlassian audit logs to identify who added the new admin to the organization and verify whether this action was authorized. If unauthorized, remove the unauthorized administrator, reset affected admin credentials, and conduct a thorough security audit of the environment.