Russian hackers targeting JetBrains TeamCity security flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that Russian Foreign Intelligence Services are exploiting a vulnerability in popular CI/CD tool TeamCity.

CISA, together with the FBI and NSA, the UK’s National Cyber Security Centre (NCSC), and Poland’s Military Counterintelligence Service (SKW) and CERT Polska (CERT.PL), has observed the Russian threat actor exploiting a CVE “at a large scale” since September 2023.

The agencies say that compromised TeamCity accounts could expose developer source code, signing certificates, and more.

Organizations warned of Russian hackers

CISA says its intention is to get organizations to conduct their own investigations and secure their networks. It’s also hoped that cybersecurity companies will be able to better prepare themselves for these attacks thanks to early warning from some of the world’s leading security bodies.

The group, known by a variety of names, including APT 29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, and active since at least 2013, used similar methods to compromise SolarWinds customers in 2020. In fact, the US government has previously raised alarm bells about the group in other advisories over the years.

In this instance, the group is exploiting CVE-2023-42793, which results in arbitrary code execution on the server through the insecure handling of specific paths.

A description of the vulnerability reads: “In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible.”

CISA said that it was not aware of any other initial access vector to JetBrains TeamCity, but that companies across the US, Europe, and other parts of the world have been notified.

Just a few weeks ago, Microsoft said that North Korean hackers with state ties had also been exploiting the same CVE.

JetBrains has already issued a fix, meaning that the now-opportunistic attacks rely on users who haven’t yet applied the update, further highlighting the importance of applying security fixes as soon as they’re published.

Craig Hale
