Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

Russian hackers targeting JetBrains TeamCity security flaws

A mysterious man holding a keyboard like a weapon.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that Russian Foreign Intelligence Services are exploiting a vulnerability in popular CI/CD tool TeamCity.

CISA, together with the FBI and NSA, the UK’s National Cyber Security Centre (NCSC), and Poland’s Military Counterintelligence Service (SKW) and CERT Polska (CERT.PL), have together observed the Russian threat actor exploiting a CVE “at a large scale” since September 2023.

The group says that compromised TeamCity accounts could expose developer source code, signing certificates, and more.

Organizations warned of Russian hackers

CISA says its intention is to get organizations to conduct their own investigations and secure their networks. It’s also hoped that cybersecurity companies will be able to better prepare themselves for these attacks thanks to early warning from some of the world’s leading security bodies.

The group, known by a variety of names, including APT 29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, and active since at least 2013, used similar methods to compromise SolarWinds customers in 2020. In fact, the US government has previously raised alarm bells about the group in other advisories over the years.

In this instance, the group exploits CVE-2023-42793 which results in arbitrary code excuse on the server by enabling the insecure handling of specific paths.

A description of the vulnerability reads: "In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible.”

CISA said that it was not aware of any other initial access vector to JetBrains TeamCity, but that companies across the US, Europe, and other parts of the world have been notified.

Just a few weeks ago, Microsoft said that North Korean hackers with state ties had also been exploiting the same CVE.

JetBrains has already issued a fix, meaning that the now opportunistic attacks rely on users who haven’t yet applied the update, further highlighting the sheer importance of staying on top of security fixes as and when they’re published.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.