October 10, 2024 at 02:50PM U.S. and U.K. cyber agencies have warned that APT29 hackers linked to Russia are targeting unpatched Zimbra and JetBrains TeamCity servers worldwide. A joint advisory urges network defenders to deploy security patches to prevent attacks exploiting multiple vulnerabilities, highlighting ongoing threats to both government and private sectors. ### Meeting Takeaways: … Read more
December 14, 2023 at 06:24AM Russian cyberespionage group APT29 exploited a recent TeamCity vulnerability, impacting on-premises instances, to conduct large-scale cyberattacks since September 2023. US, UK, and Polish government agencies confirm APT29’s exploitation, linking the group to the Russian Foreign Intelligence Service. The exploitation enabled the group to access networks, deploy backdoors, and exfiltrate sensitive … Read more
December 14, 2023 at 06:24AM Russian threat actors linked to APT29 and SVR have been targeting unpatched JetBrains TeamCity servers since September 2023, exploiting CVE-2023-42793. This involves initial access to the compromised network environments and subsequent deployment of backdoors. The attacks aim to compromise source code, signing certificates, and software deployment processes, impacting numerous sectors … Read more
October 19, 2023 at 04:33PM North Korean state-backed threat groups, Diamond Sleet and Onyx Sleet, are exploiting a critical vulnerability in JetBrains TeamCity server to carry out cyber espionage, data theft, and other malicious activities. Over 30,000 organizations, including Citibank, Nike, and Ferrari, use TeamCity. The vulnerability allows attackers to gain administrative privileges and execute … Read more
October 19, 2023 at 07:06AM Multiple North Korean threat actors, including Diamond Sleet and Onyx Sleet, have been targeting vulnerable TeamCity servers using the CVE-2023-42793 vulnerability, which allows remote code execution and admin-level access. Microsoft warns that these threat actors have a history of conducting software supply chain attacks and poses a high risk to … Read more
October 19, 2023 at 03:21AM North Korean threat actors are exploiting a security flaw in JetBrains TeamCity to breach vulnerable servers. The attacks are attributed to Diamond Sleet and Onyx Sleet, both part of the Lazarus Group. The attacks involve compromising TeamCity servers and deploying known implants or malicious DLLs. Microsoft observed the use of … Read more