Security News > 2023 > December > CISA: Russian hackers target TeamCity servers since September
CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service has been targeting unpatched TeamCity servers in widespread attacks since September 2023.
Security researchers at nonprofit internet security outfit Shadowserver Foundation are tracking almost 800 unpatched TeamCity servers that are vulnerable to attacks.
In early October, several ransomware gangs were already exploiting the vulnerability to breach corporate networks, according to threat intelligence companies GreyNoise and PRODAFT. GreyNoise detected attacks from 56 different IP addresses as part of coordinated efforts aimed at breaching TeamCity servers left unpatched.
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies.
Russian military hackers target NATO fast reaction corps.
Russian hackers exploiting Outlook bug to hijack Exchange accounts.
News URL
Related news
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)