Security News > 2023 > December > CISA: Russian hackers target TeamCity servers since September
CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service has been targeting unpatched TeamCity servers in widespread attacks since September 2023.
Security researchers at nonprofit internet security outfit Shadowserver Foundation are tracking almost 800 unpatched TeamCity servers that are vulnerable to attacks.
In early October, several ransomware gangs were already exploiting the vulnerability to breach corporate networks, according to threat intelligence companies GreyNoise and PRODAFT. GreyNoise detected attacks from 56 different IP addresses as part of coordinated efforts aimed at breaching TeamCity servers left unpatched.
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies.
Russian military hackers target NATO fast reaction corps.
Russian hackers exploiting Outlook bug to hijack Exchange accounts.
News URL
Related news
- Russian ISP confirms Ukrainian hackers "destroyed" its network (source)
- How Russian hackers went after NGOs’ WhatsApp accounts (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- EU sanctions Russian GRU hackers for cyberattacks against Estonia (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)