AdvisoryAdvisoriesCISAAA23-347A

December 13, 2023

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

December 13, 2023

What we know so far

The US FBI, CISA, NSA, Poland's SKW, CERT Polska, and the UK's NCSC have issued a warning that Russian SVR cyber actors, known as APT 29 or CozyBear, are exploiting a vulnerability in JetBrains TeamCity software (CVE-2023-42793) to target software developers. This exploitation could lead to compromised source code and supply chain attacks, similar to the 2020 SolarWinds breach. The agencies advise entities with affected systems to assume compromise if patches were not applied and to conduct threat hunting using provided indicators of compromise (IOCs). The SVR's activities are part of a broader pattern of targeting technology companies and collecting foreign intelligence, including political, economic, and technological information.

Arrow Right

Schedule a test

Our insights

Verified Security Tests

Protect your endpoints

Subscribe to alerts

Insights by Prelude

This CVE represents a critical security flaw that allows unauthorized remote code execution, potentially giving attackers deep access to the software development environment. The exploitation of this vulnerability is particularly alarming because TeamCity is widely used in the software industry for automating building, testing, and deployment processes. An attacker exploiting this CVE could gain access to sensitive source code, manipulate software development workflows, and possibly insert malicious code into software products. This would compromise the integrity of the development process and pose a substantial risk to downstream software supply chains. The revelation of Russian SVR cyber actors exploiting this vulnerability underscores its severity and the need for immediate patching and heightened security measures by all users of the affected software. The ease of exploitation involved with this vulnerability - a simple request to a specific vulnerable endpoint - underscores the importance of automatic patching. Upgrading software is a manual and time-consuming process for many organizations, especially larger ones. Each upgrade carries a certain amount of risk, as the change set may be incompatible with other critical applications on the system. However, it is possible to establish a process of safe automated patching - and setting one up should be a top priority.

See if you are protected against this advisory

Arrow Right

Schedule a test with Prelude

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories

AdvisoryAdvisoryCISAAA24-057A

February 26, 2024

SVR Cyber Actors Adapt Tactics for Initial Cloud Access

AdvisoryAdvisoryCISAAA24-046A

February 15, 2024

Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

AdvisoryAdvisoryCISAAA24-038A

February 7, 2024

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

See all advisories

Arrow Right
Solutions
For Detection & Response TeamsFor CISOs
Platform
DetectCrowdStrike
Company
AboutVisionCareersBlogAdvisoriesResourcesCommunityPress
Book a Demo

©2024 Prelude Research, Inc. All rights reserved.
Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Cookies

Heading to RSA in May? Machine speed detection and response is waiting for you at our booth
See Prelude at RSA
Arrow Right