Security News > 2023 > December > CISA: Russian hackers target TeamCity servers since September
CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service has been targeting unpatched TeamCity servers in widespread attacks since September 2023.
Security researchers at nonprofit internet security outfit Shadowserver Foundation are tracking almost 800 unpatched TeamCity servers that are vulnerable to attacks.
In early October, several ransomware gangs were already exploiting the vulnerability to breach corporate networks, according to threat intelligence companies GreyNoise and PRODAFT. GreyNoise detected attacks from 56 different IP addresses as part of coordinated efforts aimed at breaching TeamCity servers left unpatched.
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies.
Russian military hackers target NATO fast reaction corps.
Russian hackers exploiting Outlook bug to hijack Exchange accounts.
News URL
Related news
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- ASUS releases fix for AMI bug that lets hackers brick servers (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- France ties Russian APT28 hackers to 12 cyberattacks on French orgs (source)
- CISA warns of hackers targeting critical oil infrastructure (source)
- Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware (source)