Atlassian user added to administrative group

ID: atlassian_user_added_to_admin_group
Data type: Atlassian
Severity: Low
MITRE ATT&CK: TA0004:T1098

Description

AlphaSOC detected that a user was added to an administrative group in Atlassian. This action grants a user elevated access to Atlassian products and services, and may indicate potential compromise of administrative credentials.

Impact

By adding an adversary-controlled user to the administrative group, threat actors can potentially manipulate data, access sensitive information, modify configurations, or perform other malicious actions within Atlassian products such as Jira and Confluence.

Severity

| Severity | Condition |
|---|---|
| Low | Atlassian user added to administrative group |

Investigation and Remediation

Review the Atlassian audit logs to identify who added the user to the administrative group and verify whether this action was authorized. If unauthorized, remove the unauthorized administrator, reset affected credentials, and conduct a thorough security audit of the environment.
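
The audit log review described above can be scripted over an exported log. The following is an added example, not AlphaSOC or Atlassian code: the event schema, the `user_added_to_group` action name, the group names and the approver list are all assumptions to adapt to your own export.

```python
import json

# Assumed values: adjust to the admin groups and approvers in your organisation.
ADMIN_GROUPS = {"site-admins", "org-admins", "jira-administrators"}
APPROVED_ACTORS = {"it-admin@example.com"}

# Constructed sample events in a simplified, hypothetical schema (one JSON
# object per line); a real Atlassian export uses different field names.
SAMPLE_LOG = """\
{"time": "2024-05-01T09:12:00Z", "action": "user_added_to_group", "actor": "it-admin@example.com", "target": "new.hire@example.com", "group": "site-admins"}
{"time": "2024-05-01T09:30:00Z", "action": "user_added_to_group", "actor": "dev@example.com", "target": "dev@example.com", "group": "jira-administrators"}
{"time": "2024-05-01T10:02:00Z", "action": "user_added_to_group", "actor": "dev@example.com", "target": "intern@example.com", "group": "jira-software-users"}
{"time": "2024-05-01T10:05:00Z", "action": "user_login", "actor": "dev@example.com"}
not-json garbage line
"""

def triage_admin_group_additions(log_text, admin_groups=ADMIN_GROUPS,
                                 approved_actors=APPROVED_ACTORS):
    """Return one finding per admin-group addition, noting who made it."""
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the review
        if not isinstance(event, dict):
            continue
        if event.get("action") != "user_added_to_group":
            continue
        group = str(event.get("group", "")).lower()
        if group not in admin_groups:
            continue  # membership change in a non-administrative group
        actor, target = event.get("actor"), event.get("target")
        findings.append({
            "time": event.get("time"),
            "actor": actor,
            "target": target,
            "group": group,
            "actor_approved": actor in approved_actors,
            # An account granting itself admin rights deserves a closer look.
            "self_added": actor is not None and actor == target,
        })
    return findings

if __name__ == "__main__":
    for f in triage_admin_group_additions(SAMPLE_LOG):
        needs_review = (not f["actor_approved"]) or f["self_added"]
        print("REVIEW" if needs_review else "expected", f)
```

Findings where the actor is not an approved administrator, or where the actor and target are the same account, are the ones to verify against a change request first.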