Security News > 2023 > December > Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users

Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users
2023-12-14 14:12

Updated The offensive cyber unit linked to Russia's Foreign Intelligence Service is exploiting the critical vulnerability affecting the JetBrains TeamCity CI/CD server at scale, and has been since September, authorities warn.

The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes, the advisory says.

The authorities warned that although SolarWinds-like attacks have not yet been carried out as a result of the SVR's TeamCity exploitation, they believe attackers are still in a preparatory phase and that more serious attacks may come further down the line.

The number of TeamCity users exploited by the SVR wasn't disclosed, but the US, Polish and UK authorities say in the advisory that exploits are being carried out on "a large scale."

The authorities say the attempts to exploit TeamCity on a large scale fit in with the country's broad objectives in cyberspace, which have remained largely unchanged for the past ten years.

"A decade later, the authoring agencies can infer a long-term targeting pattern aimed at collecting, and enabling the collection of foreign intelligence, a broad concept that for Russia encompasses information on the politics, economics, and military of foreign states; science and technology; and foreign counterintelligence. The SVR also conducts cyber operations targeting technology companies that enable future cyber operations."


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/14/russia_joins_north_korea_cybercity/