Threat actors are exploiting Atlassian Jira Cloud's infrastructure to launch sophisticated spam campaigns, leveraging the platform's high domain reputation to bypass traditional email security filters. Between December 2025 and January 2026, attackers created numerous trial instances and utilized Jira Automation to deliver localized emails to targets globally, including government and corporate sectors.
The campaign utilized the Keitaro Traffic Distribution System (TDS) to redirect recipients to fraudulent investment schemes and online casinos. By exploiting legitimate SaaS features and authentication standards like SPF and DKIM, the attackers successfully mimicked trusted enterprise communications, making detection significantly more difficult for standard security solutions.
Top comments (0)