CISA, in collaboration with the FBI, NSA, SKW, CERT.PL, and NCSC, has released a joint Cybersecurity Advisory addressing the exploitation of a JetBrains TeamCity CVE by Russian SVR-affiliated cyber actors since September 2023. These actors, known as APT 29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, have been targeting servers hosting JetBrains TeamCity software, gaining unauthorized access and executing arbitrary code on compromised servers.
The advisory provides comprehensive information on the recent compromise orchestrated by SVR, including actionable indicators of compromise (IOCs) and SIGMA and YARA rules. Network defenders and organizations are urged to review the advisory for recommended mitigations to safeguard their systems against these cyber threats.
To enhance cybersecurity measures, the authoring agencies recommend implementing the mitigations and detection rules outlined in the joint advisory. For further details on affiliated advanced persistent threats, interested parties can refer to CISA’s Advanced Persistent Threats and Nation-State Actors webpage, as well as its Russia Cyber Threat Overview and Advisories webpage. Additionally, CISA’s Cross-Sector Cybersecurity Performance Goals offer guidance to protect against common and impactful cyber threats.
It’s important to note that the provided information is subject to the specified Notification and Privacy & Use policy. Organizations are encouraged to stay informed and take necessary actions to secure their systems in light of these ongoing cyber threats.