Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare
Russia's APT29 is going after a critical RCE flaw in the JetBrains TeamCity software developer platform, prompting governments worldwide to issue an urgent warning to patch.
December 14, 2023
1 Min Read
Creativep via Alamy Stock
APT29, the notorious Russian advanced persistent threat behind the 2020 SolarWinds hack, is actively exploiting a critical security vulnerability in JetBrains TeamCity that could open the door to rampant software supply chain attacks.
That's the word from CISA, the FBI, the NSA, and a host of international partners, who said in a joint alert today that APT29 (aka CozyBear, the Dukes, Midnight Blizzard, or Nobelium) is hammering servers hosting TeamCity software "at a large scale" using the unauthenticated remote code execution (RCE) bug. According to the feds, the exploitation of the issue, tracked as CVE-2023-42793 (CVSS score of 9.8), started in September after JetBrains patched the flaw and Rapid7 released a public proof-of-concept (PoC) exploit for it; but now, it has grown to be a worrying global phenomenon that could result in widespread damage.
About the Author(s)
Staff & Contributors
Dark Reading: Connecting The Information Security Community
Long one of the most widely-read cybersecurity news sites on the Web, Dark Reading is also the most trusted online community for security professionals. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.
You May Also Like