Russian hackers have JetBrains TeamCity servers in their crosshairs

December 14, 2023
  • Russian state-sponsored hackers have exploited a vulnerability in JetBrains TeamCity servers for their cyber operations.
  • The attacks specifically target unpatched, internet-facing servers and have affected various organizations in the US, Europe, Asia, and Australia.
  • The tactics employed by these hackers include gaining initial access by exploiting the vulnerability, performing reconnaissance, escalating their privileges, deploying backdoors, and ensuring long-term access to the compromised network environments.

These cyber attacks have been traced back to the APT 29 group, also known as CozyBear and Midnight Blizzard, which is believed to be associated with the Russian Foreign Intelligence Service (SVR). Active since 2013, the group typically targets government agencies, think tanks, political and diplomatic organizations, biomedical complexes, and energy and IT companies, among others. Its primary goal is to collect foreign intelligence.

The exploited vulnerability is identified as CVE-2023-42793, an authentication bypass vulnerability in the JetBrains TeamCity CI/CD platform that can lead to RCE. It is believed that there are still approximately 800 unpatched JetBrains TeamCity instances worldwide. Patches for this vulnerability were readily available in mid-September 2023.

The cybersecurity advisory agencies noted that APT 29 has not yet used its access to sabotage customer networks. A warning was released for organizations to check for signs of intrusion by APT 29 and other attackers. Microsoft highlighted that since early October, Lazarus and Andariel, Korean-backed hacking groups, have also been exploiting this vulnerability. Original equipment manufacturers have been strongly advised to check for and install security patches to counteract these cyber attacks.

An update from JetBrains confirmed that the company released a security fix for this vulnerability in its TeamCity 2023.05.4 update on September 18, 2023. JetBrains has continued to encourage its customers and users to update their software immediately and follow security best practices. All these measures are directed at strengthening the security of their build pipelines.
