Russian Hackers manipulate JetBrains flaw for stealthy server invasion.

December 14, 2023
– The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other agencies have warned that Russian intelligence service cyber actors are exploiting a vulnerability in JetBrains software to hack servers.
– These actors, also known as Advanced Persistent Threat 29 (APT 29), Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, have targeted businesses across various industries since September 2023.

APT 29 has been exploiting the CVE-2023-42793 vulnerability in TeamCity, a JetBrains software development program, to gain access and compromise the networks of various software developers. Affected versions include those before 2023.05.4. Once access is gained to a TeamCity server, threat actors can execute malicious supply chain operations, obtain source code, sign certificates, and perform other harmful activities.

CISA (Cybersecurity and Infrastructure Security Agency) stated that these threat actors also perform malicious operations such as lateral movement, backdoor deployment, privilege escalation, and others to maintain prolonged access to compromised network environments.

In September 2023, JetBrains released a patch for this vulnerability, which primarily affects unpatched TeamCity servers accessible over the internet. Despite this, the SVR (Russian Foreign Intelligence Service) is still reportedly in the preparation phase for further operations, using its access to software developer networks to set up command-and-control infrastructure that is challenging to detect.

Key recommendations made by cybersecurity agencies to safeguard against these attacks include:

  • Applying the JetBrains patch for TeamCity
  • Monitoring the network
  • Setting up host-based and endpoint protection solutions
  • Utilizing multi-factor authentication
  • Auditing log files

It is crucial for systems to be patched swiftly and for the recommended mitigations to be employed.
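To act on the patching recommendation, the following added example (not from the advisory or from JetBrains) triages a server inventory against the 2023.05.4 threshold given above, listing internet-exposed hosts first. The host names, the inventory tuple format and the sample version strings are constructed assumptions.

```python
import re

# Per the article: TeamCity versions before 2023.05.4 are affected by CVE-2023-42793.
FIXED = (2023, 5, 4)

def parse_version(text):
    """Parse 'major.minor[.patch]' (e.g. '2023.05.3', '2023.11', '10.0.5'),
    ignoring trailing text such as a build label; missing patch counts as 0."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\b", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def triage(inventory):
    """Return (host, version, exposed, action) for every server that needs work.
    action is 'patch' for an affected version, 'review' when the version
    cannot be parsed and must be checked by hand."""
    findings = []
    for host, version, exposed in inventory:
        try:
            if parse_version(version) < FIXED:
                findings.append((host, version, exposed, "patch"))
        except ValueError:
            findings.append((host, version, exposed, "review"))
    # Internet-exposed servers first, then by host name for stable output.
    findings.sort(key=lambda f: (not f[2], f[0]))
    return findings

# Constructed sample inventory: (host, reported version, internet-exposed?)
SAMPLE_INVENTORY = [
    ("ci-internal-01", "2023.05.4 (build 0)", False),  # already on the fixed release
    ("ci-dmz-01", "2023.05.3", True),
    ("ci-internal-02", "2022.10.4", False),
    ("ci-dmz-02", "2023.11", True),                    # newer than the fix
    ("ci-legacy", "10.0.5", False),                    # old numbering scheme
    ("ci-unknown", "unknown", True),                   # version not recorded
]

if __name__ == "__main__":
    for host, version, exposed, action in triage(SAMPLE_INVENTORY):
        scope = "internet-exposed" if exposed else "internal"
        print(f"{action.upper():6} {host:16} {version:22} {scope}")
```

A server that reports a fixed version may still have been compromised before it was patched, so this check complements the log auditing and monitoring recommendations rather than replacing them.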

The exploitation of this JetBrains vulnerability is another example of the persistent cyberthreats posed by foreign intelligence agencies such as Russia’s SVR. Businesses across various industries need to stay vigilant, implement appropriate cybersecurity measures, and ensure they are using the most recent and secure versions of their software tools.
