Multiple agencies led by the U.S. National Security Agency and FBI issued a cybersecurity warning about Russian cyber actors who are exploiting a vulnerability in JetBrains’ TeamCity continuous integration and build management server.
The cybersecurity advisory refers to CVE-2023-42793, which could allow hackers to gain access to source code and perform malicious supply chain operations, NSA said Wednesday.
The Russian Foreign Intelligence Service, or SVR, reportedly employs cyber actors including the Dukes, Advanced Persistent Threat 29, CozyBear and NOBELIUM/Midnight Blizzard. Since September 2023, they have been attacking TeamCity enterprise users that deal with bill payments, customer care, medical devices, manufacturers and IT companies.
The agencies recommend threat mitigation measures such as implementing patches from TeamCity, auditing log files and adding multifactor authentication.
“Russian cyber actors continue taking advantage of known vulnerabilities for intelligence collection,” said Rob Joyce, director of NSA’s Cybersecurity Directorate. “It is critical to ensure systems are patched quickly, and to implement the mitigations and use the IOCs listed in this report to hunt for adversary persistent access,” added Joyce, a Wash100 awardee.