North Korean hackers exploit critical TeamCity flaw to breach networks (Security News, October 2023)
Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks.
In September, TeamCity fixed a critical vulnerability (CVSS 9.8/10) tracked as CVE-2023-42793 that allowed unauthenticated attackers to remotely execute code.
Although the vulnerability was fixed quickly, threat actors, including ransomware gangs, began exploiting the flaw to breach corporate networks.
"In past operations, Diamond Sleet and other North Korean threat actors have successfully carried out software supply chain attacks by infiltrating build environments," explains Microsoft.
Once the threat actors breach a TeamCity server, they utilize different attack chains to deploy backdoors and gain persistence on the compromised network.
While both groups' attacks serve the North Korean government, their individual objectives can differ.
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks
- Hackers exploit critical unpatched flaw in Zyxel CPE devices
- Radiant links $50 million crypto heist to North Korean hackers
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection
- Critical security hole in Apache Struts under exploit
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
- North Korean hackers stole $1.3 billion worth of crypto this year
- Adobe warns of critical ColdFusion bug with PoC exploit code
- North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
Related Vulnerability
| Date | CVE | Vulnerability title | Risk (CVSS) |
|---|---|---|---|
| 2023-09-19 | CVE-2023-42793 | Missing Authentication for Critical Function vulnerability in JetBrains TeamCity: in JetBrains TeamCity before 2023.05.4, an authentication bypass leading to RCE on TeamCity Server was possible | 9.8 |