Russian hackers eye unfortified JetBrains TeamCity servers.

Russian state-sponsored hackers have targeted unpatched JetBrains TeamCity servers, leveraging vulnerability CVE-2023-42793. The cybersecurity authorities of the US, UK, and Poland issued this warning. A hacker group APT 29, believed to be connected with the Russian Foreign Intelligence Service, is in action since 2013 and is said to be behind these attacks. The victims include government agencies, think tanks, political organizations, diplomatic agencies, biomedical and energy companies, as well as IT companies across the USA, Europe, Asia, and Australia. The main objective is the collection of foreign intelligence.

APT 29 had been instrumental in operation targeting the SolarWinds information technology company and its customers.
JetBrains TeamCity servers are being primarily targeted this time.
Attacks tend to be opportunistic in nature and hit disparate organizations.

In these recent attacks, vulnerability CVE-2023-42793 is exploited, which is an authentication bypass loophole in the TeamCity CI/CD platform that can lead to Remote Code Execution (RCE). Patches for this vulnerability were released in mid-September 2023, yet approximately 800 JetBrains TeamCity unpatched instances still exist globally.

Post initial access by exploiting the vulnerability, the hackers carry out host and network reconnaissance, escalate their privileges, initiate lateral moves, deploy backdoors, and secure long-term access to the compromised networks, using various tactics to avoid detection. They get access to the software developer’s source code, signing certificates, and the ability to subvert software compilation and deployment processes. However, they haven’t yet used their access to software developers to infiltrate customer networks.

The indicators of compromise include log file entries, files, and IP addresses.
The Korean-backed Lazarus and Andariel hacking groups have also been exploiting this vulnerability since early October.

Response from JetBrains indicates that they were already aware of this vulnerability and addressed it in the TeamCity 2023.05.4 update released in September 2023. They claim that less than 2% of TeamCity instances still operate unpatched software and are pushing their owners for immediate patching. Importantly, the vulnerability only affects the on-premises instances of TeamCity, not the cloud version.

Post Views: 69

Latest from Blog

Cyberattack hits Selenium Grid for Crypto Mining – stay safe

Ongoing Cyberattack Targets Exposed Selenium Grid Services TLDR: Cyberattack targeting older versions of Selenium for crypto mining Threat actors using Selenium Grid services for illicit activities Cybersecurity researchers are warning about an

Bridging the cyber talent gap: tips for CISOs

TLDR: – Global cyber threats have increased twofold in recent years, leading to a talent gap of nearly 4 million cyber professionals worldwide. – Existing cyber staff are under strain, with vacancies

Deepfake dangers prompt urgent cybersecurity reevaluations for businesses

TLDR: AI-generated deepfake attacks are on the rise, leading companies to reassess their cybersecurity measures. Companies are developing deepfake response plans and running simulations to increase preparedness. Biometric authentication, once considered secure,

North Korean faces charges for cyberattacks on US targets

TLDR: A North Korean military intelligence operative has been indicted for orchestrating cyberattacks on U.S. hospitals, NASA, and military bases. Rim Jong Hyok, a member of the Andariel Unit, faces charges of

Analysts predict cybersecurity stocks will soar after CrowdStrike’s outage

“`html TLDR: CrowdStrike outage led to potential gains for cybersecurity rivals SentinelOne, Palo Alto Networks, and Microsoft’s cybersecurity business could benefit After a defective CrowdStrike update caused a global tech outage, analysts

Bitsight’s Trust Management Hub: Revolutionizing Security Assessment Process

TLDR: Bitsight has released Trust Management Hub to streamline security assessments. The new solution reduces workload by 25% and improves the assessment cycle by 85%, helping teams close deals faster. Bitsight, a

North Korean hackers pivot to ransomware attacks

TLDR: North Korean hackers from APT45 have shifted from cyber espionage to ransomware attacks APT45 has targeted critical infrastructure and is linked to ransomware families SHATTEREDGLASS and Maui A North Korea-linked threat

Europe’s telecom, electricity sectors evaluated in new EU cybersecurity report

TLDR: EU releases risk assessment report on cybersecurity in telecommunications and electricity sectors Report highlights supply chain risks, shortage of cybersecurity professionals, and threats from cybercriminals and state-sponsored actors Summary: The European

Cyber insurance evolves to cover all your online needs

TLDR: Cyber insurance coverage is evolving to help raise security baselines across businesses. Only one-quarter of companies have a standalone cyber insurance policy. In today’s evolving cybersecurity landscape, cyber insurance coverage is

Study: CrowdStrike slashes losses, Fortune 500 set to save $54B

TLDR: Key Points: CrowdStrike outage will cost Fortune 500 $5.4 billion Cyber insurance will only cover 10-20% of losses In a report by Parametrix, it is estimated that the global IT outage

Suggestions

Russian hackers eye unfortified JetBrains TeamCity servers.

Latest from Blog