VERY IMPORTANT

A sophisticated spam campaign exploited Atlassian Jira Cloud to bypass security controls and target government and corporate entities. The attackers used legitimate Atlassian Cloud infrastructure to create disposable Jira instances, leveraging the platform's trusted domain reputation. The campaign targeted specific language groups, including English, French, German, Italian, Portuguese, and Russian speakers, with tailored emails redirecting to investment scams and online casinos. The operation demonstrated high automation and abuse of SaaS workflows, highlighting the need for reassessing trust assumptions in cloud-generated emails. The campaign utilized Keitaro Traffic Distribution System for redirects and focused on organizations already using Atlassian Jira, exploiting their familiarity with Jira-related emails.