Security News > 2023 > December > CISA: Russian hackers target TeamCity servers since September
CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service has been targeting unpatched TeamCity servers in widespread attacks since September 2023.
Security researchers at nonprofit internet security outfit Shadowserver Foundation are tracking almost 800 unpatched TeamCity servers that are vulnerable to attacks.
In early October, several ransomware gangs were already exploiting the vulnerability to breach corporate networks, according to threat intelligence companies GreyNoise and PRODAFT. GreyNoise detected attacks from 56 different IP addresses as part of coordinated efforts aimed at breaching TeamCity servers left unpatched.
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies.
Russian military hackers target NATO fast reaction corps.
Russian hackers exploiting Outlook bug to hijack Exchange accounts.
News URL
Related news
- U.S. indicts Russian GRU hacker, offers $10 million reward (source)
- TeamViewer links corporate cyberattack to Russian state hackers (source)
- Hackers attack HFS servers to drop malware and Monero miners (source)
- CloudSorcerer hackers abuse cloud services to steal Russian govt data (source)
- U.S. Releases High-Profile Russian Hackers in Diplomatic Prisoner Exchange (source)
- CISA warns of hackers abusing Cisco Smart Install feature (source)
- CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature (source)
- Russian-Linked Hackers Target Eastern European NGOs and Media (source)
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (source)
- Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web (source)