#CVE202342793

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

by

December 14, 2023 at 06:24AM Russian cyberespionage group APT29 exploited a recent TeamCity vulnerability, impacting on-premises instances, to conduct large-scale cyberattacks since September 2023. US, UK, and Polish government agencies confirm APT29’s exploitation, linking the group to the Russian Foreign Intelligence Service. The exploitation enabled the group to access networks, deploy backdoors, and exfiltrate sensitive … Read more

Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks

by

December 14, 2023 at 06:24AM Russian threat actors linked to APT29 and SVR have been targeting unpatched JetBrains TeamCity servers since September 2023, exploiting CVE-2023-42793. This involves initial access to the compromised network environments and subsequent deployment of backdoors. The attacks aim to compromise source code, signing certificates, and software deployment processes, impacting numerous sectors … Read more

North Korean State Actors Attack Critical Bug in TeamCity Server

by

October 19, 2023 at 04:33PM North Korean state-backed threat groups, Diamond Sleet and Onyx Sleet, are exploiting a critical vulnerability in JetBrains TeamCity server to carry out cyber espionage, data theft, and other malicious activities. Over 30,000 organizations, including Citibank, Nike, and Ferrari, use TeamCity. The vulnerability allows attackers to gain administrative privileges and execute … Read more

North Korean Hackers Exploiting Recent TeamCity Vulnerability

by

October 19, 2023 at 07:06AM Multiple North Korean threat actors, including Diamond Sleet and Onyx Sleet, have been targeting vulnerable TeamCity servers using the CVE-2023-42793 vulnerability, which allows remote code execution and admin-level access. Microsoft warns that these threat actors have a history of conducting software supply chain attacks and poses a high risk to … Read more

Microsoft Warns of North Korean Attacks Exploiting TeamCity Flaw

by

October 19, 2023 at 03:21AM North Korean threat actors are exploiting a security flaw in JetBrains TeamCity to breach vulnerable servers. The attacks are attributed to Diamond Sleet and Onyx Sleet, both part of the Lazarus Group. The attacks involve compromising TeamCity servers and deploying known implants or malicious DLLs. Microsoft observed the use of … Read more