December 13, 2023

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

December 13, 2023

What we know so far

The US FBI, CISA, NSA, Poland's SKW, CERT Polska, and the UK's NCSC have issued a warning that Russian SVR cyber actors, known as APT 29 or CozyBear, are exploiting a vulnerability in JetBrains TeamCity software (CVE-2023-42793) to target software developers. This exploitation could lead to compromised source code and supply chain attacks, similar to the 2020 SolarWinds breach. The agencies advise entities with affected systems to assume compromise if patches were not applied and to conduct threat hunting using provided indicators of compromise (IOCs). The SVR's activities are part of a broader pattern of targeting technology companies and collecting foreign intelligence, including political, economic, and technological information.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories