We uncover how a campaign used Atlassian Jira Cloud to launch automated and targeted spam campaigns, exploiting trusted SaaS workflows to bypass security controls.

Trend Micro Blog offers insights, analysis, and updates on cybersecurity threats, trends, and best practices. Covering topics such as malware analysis, threat intelligence, and cybersecurity risk management, Trend Micro Blog provides resources for IT security professionals, helping them stay ahead of emerging threats and protect their organizations from cyber attacks.

Trend Micro

Attackers exploited Atlassian Jira Cloud's trusted domain reputation to launch automated spam campaigns targeting government and corporate entities from December 2025 to January 2026. The campaigns used free trial accounts to create disposable Jira instances, leveraging Jira Automation to send localized spam emails in six languages that bypassed traditional security controls through valid SPF and DKIM authentication. Recipients were redirected via Keitaro TDS to dubious investment schemes and online casinos, with organizations already using Jira being primary targets due to their familiarity with Jira-generated notifications.

Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities