Security News > 2023 > December > Russian hackers target unpatched JetBrains TeamCity servers
Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned.
As they noted, this time around, "The victim types do not fit into any sort of pattern or trend, aside from having an unpatched, Internet-reachable JetBrains TeamCity server."
In these latest attacks, APT 29 has exploited CVE-2023-42793, an authentication bypass vulnerability in the TeamCity CI/CD platform that can lead to RCE. Patches for it have been released in mid-September 2023, but there are still nearly 800 JetBrains TeamCity unpatched instances worldwide, according to the Shadowserver Foundation.
After gaining initial access by exploiting the vulnerability, the hackers performed host and network reconnaissance, escalated their privileges, performed lateral moves, deployed backdoors, and took steps to ensure long-term access to the compromised network environments.
"Software developers use TeamCity software to manage and automate software compilation, building, testing, and releasing. If compromised, access to a TeamCity server would provide malicious actors with access to that software developer's source code, signing certificates, and the ability to subvert software compilation and deployment processes-access a malicious actor could further use to conduct supply chain operations," the agencies noted in the security advisory.
Security teams at organizations that have failed to patch their TeamCity servers in time should check for signs of intrusion, both by APT 29 and other attackers.
News URL
https://www.helpnetsecurity.com/2023/12/14/russian-hackers-cve-2023-42793/
Related news
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-19 | CVE-2023-42793 | Missing Authentication for Critical Function vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | 9.8 |