Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

March 8, 2024 at 11:57PM Microsoft disclosed that the Kremlin-backed threat actor Midnight Blizzard gained access to some source code repositories and internal systems following a hack in January 2024. The company stated that it is investigating the extent of the breach and has increased its security investments in response to the attack. The breach … Read more

Russia’s ‘Midnight Blizzard’ Targets Service Accounts for Initial Cloud Access

February 27, 2024 at 04:56PM The threat group “Midnight Blizzard,” associated with Russian intelligence services, has shifted tactics, targeting cloud environments at organizations. Its strategies include exploiting automated cloud service accounts and dormant accounts, and using OAuth tokens and MFA bombing attacks for unauthorized access. Recommended mitigations include multifactor authentication, strong passwords, and least privilege principles for … Read more

Five Eyes Agencies Expose APT29’s Evolving Cloud Attack Tactics

February 27, 2024 at 05:45AM Cybersecurity and intelligence agencies from the Five Eyes nations have issued a joint advisory on the evolving tactics of the Russian state-sponsored threat actor APT29, also known by several aliases. The advisory details the group’s affiliation with the SVR and their targeting of organizations through cloud-based infrastructure and techniques such … Read more

Russian hackers shift to cloud attacks, US and allies warn

February 26, 2024 at 12:35PM The Five Eyes intelligence alliance issued a warning about increased targeting of cloud services by APT29, a Russian hacking group. A joint advisory by international cybersecurity agencies highlights APT29’s tactics, including compromising access credentials and exploiting dormant accounts. Recommendations for defenders include enabling multi-factor authentication and strong passwords, among others, … Read more

Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

February 26, 2024 at 12:09PM Russian cyberespionage threat actors are now targeting cloud services as organizations shift to cloud-based infrastructure, government agencies in the Five Eyes countries have warned. Tactics include brute-force attacks, exploiting dormant accounts, using tokens to bypass multi-factor authentication, and deploying post-compromise tools, as well as utilizing residential proxies to … Read more

SVR Cyber Actors Adapt Tactics for Initial Cloud Access

February 26, 2024 at 07:26AM Summary: The advisory details the recent tactics of the APT29 cyber espionage group, attributed to the SVR, targeting cloud infrastructure. It outlines their previous activity and evolving techniques, such as accessing service and dormant accounts, using cloud-based token authentication, enrolling new devices to the cloud, and using residential proxies. Mitigation … Read more

JetBrains urges swift patching of latest critical TeamCity flaw

February 7, 2024 at 07:37AM JetBrains urges all TeamCity (on-prem) users to upgrade to the latest version due to a critical vulnerability (CVE-2024-23917) with a 9.8 CVSS score, allowing unauthenticated remote attackers to seize control of vulnerable servers. This affects versions from 2017.1 to 2023.11.2, patched in 2023.11.3. Admins are advised to upgrade immediately or … Read more

Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users

December 14, 2023 at 09:14AM Summary: Authorities warn that the cyber unit of Russia’s SVR is exploiting a critical vulnerability in the JetBrains TeamCity CI/CD server. The exploit could enable manipulation of source code and potentially facilitate future attacks. The advisory outlines the SVR’s cyber operations and their long-term objectives in cyberspace. Mitigations and indicators of compromise are … Read more

Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks

December 14, 2023 at 06:24AM Russian threat actors linked to APT29 and SVR have been targeting unpatched JetBrains TeamCity servers since September 2023, exploiting CVE-2023-42793. This involves initial access to the compromised network environments and subsequent deployment of backdoors. The attacks aim to compromise source code, signing certificates, and software deployment processes, impacting numerous sectors … Read more

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

December 13, 2023 at 11:59AM Summary: The FBI, CISA, NSA, SKW, CERT Polska, and NCSC released a report assessing Russian SVR cyber actors exploiting CVE-2023-42793 to target servers hosting JetBrains TeamCity software globally. The report provides IOCs and mitigations to assist organizations in detecting and countering these malicious actions. SVR cyber activity poses a persistent … Read more