Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare
Russia's APT29 is going after a critical RCE flaw in the JetBrains TeamCity software developer platform, prompting governments worldwide to issue an urgent warning to patch.
![chessboard chessboard](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/bltc247d3b3fa8efd60/657b25a0fda914040a2ea02a/checkmate-creativep-Alamy.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
APT29, the notorious Russian advanced persistent threat behind the 2020 SolarWinds hack, is actively exploiting a critical security vulnerability in JetBrains TeamCity that could open the door to rampant software supply chain attacks.
That's the word from CISA, the FBI, the NSA, and a host of international partners, who said in a joint alert today that APT29 (aka CozyBear, the Dukes, Midnight Blizzard, or Nobelium) is hammering servers hosting TeamCity software "at a large scale" using the unauthenticated remote code execution (RCE) bug. According to the feds, the exploitation of the issue, tracked as CVE-2023-42793 (CVSS score of 9.8), started in September after JetBrains patched the flaw and Rapid7 released a public proof-of-concept (PoC) exploit for it; but now, it has grown to be a worrying global phenomenon that could result in widespread damage.
Read the Full Article on Dark Reading
About the Author(s)
You May Also Like