Security News > 2023 > December > Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users
Updated The offensive cyber unit linked to Russia's Foreign Intelligence Service is exploiting the critical vulnerability affecting the JetBrains TeamCity CI/CD server at scale, and has been since September, authorities warn.
The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes, the advisory says.
The authorities warned that although SolarWinds-like attacks have not yet been carried out as a result of the SVR's TeamCity exploitation, they believe attackers are still in a preparatory phase and that more serious attacks may come further down the line.
The number of TeamCity users exploited by the SVR wasn't disclosed, but the US, Polish and UK authorities say in the advisory that exploits are being carried out on "a large scale."
The authorities say the attempts to exploit TeamCity on a large scale fit in with the country's broad objectives in cyberspace, which have remained largely unchanged for the past ten years.
"A decade later, the authoring agencies can infer a long-term targeting pattern aimed at collecting, and enabling the collection of foreign intelligence, a broad concept that for Russia encompasses information on the politics, economics, and military of foreign states; science and technology; and foreign counterintelligence. The SVR also conducts cyber operations targeting technology companies that enable future cyber operations."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/14/russia_joins_north_korea_cybercity/
Related news
- US govt says North Korea stole over $659 million in crypto last year (source)
- Crypto klepto North Korea stole $659M over just 5 heists last year (source)
- I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice (source)
- North Korea targets crypto developers via NPM supply chain attack (source)