North Korean hackers exploit critical TeamCity flaw to breach networks
Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks.
In September, TeamCity fixed a critical 9.8/10 vulnerability tracked as CVE-2023-42793 that allowed unauthenticated attackers to remotely execute code.
While TeamCity quickly fixed the vulnerability, threat actors, such as ransomware gangs, began to exploit the flaw to breach corporate networks.
"In past operations, Diamond Sleet and other North Korean threat actors have successfully carried out software supply chain attacks by infiltrating build environments," explains Microsoft.
Once the threat actors breach a TeamCity server, they utilize different attack chains to deploy backdoors and gain persistence on the compromised network.
While the groups' attacks are used to benefit the North Korean government, their goals can be different.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-19 | CVE-2023-42793 | Authentication Bypass Using an Alternate Path or Channel vulnerability in JetBrains TeamCity: In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | 9.8 |