Security News > 2023 > October > North Korean hackers exploit critical TeamCity flaw to breach networks
Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks.
In September, TeamCity fixed a critical 9.8/10 vulnerability tracked as CVE-2023-42793 that allowed unauthenticated attackers to remotely execute code.
While TeamCity quickly fixed the vulnerability, threat actors, such as ransomware gangs, began to exploit the flaw to breach corporate networks.
"In past operations, Diamond Sleet and other North Korean threat actors have successfully carried out software supply chain attacks by infiltrating build environments," explains Microsoft.
Once the threat actors breach a TeamCity server, they utilize different attack chains to deploy backdoors and gain persistence on the compromised network.
While the groups' attacks are used to benefit the North Korean government, their goals can be different.
News URL
Related news
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Aiohttp bug to find vulnerable networks (source)
- Chinese Earth Krahang hackers breach 70 orgs in 23 countries (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-19 | CVE-2023-42793 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | 9.8 |