In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/?web_view=true
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://therecord.media/confluence-and-gitlab-servers-targeted-by-new-ransomware-strain