Atlassian user added to administrative group
Description
AlphaSOC detected that a user was added to an administrative group in Atlassian. This action grants a user elevated access to Atlassian products and services, and may indicate potential compromise of administrative credentials.
Impact
By adding an adversary-controlled user to the administrative group, threat actors can potentially manipulate data, access sensitive information, modify configurations, or perform other malicious actions within Atlassian products such as Jira and Confluence.
Severity
Severity | Condition |
---|---|
Low | Atlassian user added to administrative group |
Investigation and Remediation
Review the Atlassian audit logs to identify who added the user to the administrative group and verify whether this action was authorized. If unauthorized, remove the unauthorized administrator, reset affected credentials, and conduct a thorough security audit of the environment.