* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, June 26, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    House panel wrangles on rail safety technology – FreightWaves

    House panel wrangles on rail safety technology – FreightWaves

    Frontdoor Announces Tech Expert Dr. Bala Ganesh as Chief Technology Officer – Business Wire

    Frontdoor Appoints Tech Visionary Dr. Bala Ganesh as New Chief Technology Officer

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    China’s Military Introduces Mosquito-Sized Drones: A Game-Changing Surveillance Technology – Indian Defence Review

    China Unveils Mosquito-Sized Drones: Revolutionizing Surveillance Technology

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Promising Technology Stocks To Follow Today – June 22nd – MarketBeat

    Top Technology Stocks to Watch Today – June 22nd

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    House panel wrangles on rail safety technology – FreightWaves

    House panel wrangles on rail safety technology – FreightWaves

    Frontdoor Announces Tech Expert Dr. Bala Ganesh as Chief Technology Officer – Business Wire

    Frontdoor Appoints Tech Visionary Dr. Bala Ganesh as New Chief Technology Officer

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    China’s Military Introduces Mosquito-Sized Drones: A Game-Changing Surveillance Technology – Indian Defence Review

    China Unveils Mosquito-Sized Drones: Revolutionizing Surveillance Technology

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Promising Technology Stocks To Follow Today – June 22nd – MarketBeat

    Top Technology Stocks to Watch Today – June 22nd

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users

December 14, 2023
in Technology
Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users
Share on FacebookShare on Twitter

Updated The offensive cyber unit linked to Russia’s Foreign Intelligence Service (SVR) is exploiting the critical vulnerability affecting the JetBrains TeamCity CI/CD server at scale, and has been since September, authorities warn.

The news came in an advisory issued by the US’ Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), the Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC).

Announced in late September, the vulnerability, tracked as CVE-2023-42793 with a 9.8 severity score, can be seen as analogous to the one that facilitated the 2020 attack on SolarWinds – which claimed more than 18,000 victims.

The exploit in TeamCity could give attackers enough access to manipulate a software’s source code, sign certificates, and compile and deploy processes, the advisory says.

Although SVR has reportedly exploited servers since September, authorities have not gathered evidence to suggest they have used this access to launch attacks similar to the SolarWinds case.

However, the evidence suggests the access was used to plant additional backdoors in victim’s environments after attackers escalated their privileges and moved laterally around compromised networks.

Software supply chain attacks are particularly valuable for attackers given the potential for delivering malicious code that’s signed as “trusted” to an untold number of organizations.

North Korea is continually looking for opportunities in this area, recent reports revealed, and the country’s state-sponsored attackers were among the first to be observed exploiting CVE-2023-42793.

The authorities warned that although SolarWinds-like attacks have not yet been carried out as a result of the SVR’s TeamCity exploitation, they believe attackers are still in a preparatory phase and that more serious attacks may come further down the line.

Currently, the SVR’s priorities appear to be establishing a foothold in victims’ environments and deploying command and control (C2) infrastructure that’s difficult to detect – a sign of attackers laying the groundwork for future operations.

Legitimate services like Dropbox have been used to mask the SVR’s C2 traffic and malware-related data passing through these were obfuscated inside randomly generated BMP files.

Attackers were also spotted abusing OneDrive for the same purposes, but Microsoft has since confirmed this was disrupted.

This activity was spotted with the SVR’s use of the GraphicalProton backdoor, which itself was wrapped in numerous layers of encryption, obfuscation, encoders, and stagers.

The malware has remained largely unchanged in the months since the authorities began tracking it. However, different variants are being spotted, some with “noteworthy” packaging that use DLL hijacking in the open source monitoring tool Zabbix to begin execution and potentially facilitate long-term stealthy access to victims’ environments. 

Another variant also hides its activity within open source C++ build analysis tool vcperf.

Other post-exploitation activity has involved the deployment of the Mimikatz toolkit, enumerating victims’ Active Directories, disabling antivirus and EDR tools, and more.

The advisory contains an extensive list of recommended mitigations and indicators of compromise to help potential victims uncover any undetected activity.

The number of TeamCity users exploited by the SVR wasn’t disclosed, but the US, Polish and UK authorities say in the advisory that exploits are being carried out on “a large scale.”

Telemetry from Shadowserver indicates that nearly 800 TeamCity instances remain vulnerable to CVE-2023-42793 exploits as of this week, despite patches released by JetBrains in late September.

Aligned with Russia’s ambitions

The authorities say the attempts to exploit TeamCity on a large scale fit in with the country’s broad objectives in cyberspace, which have remained largely unchanged for the past ten years.

“Since 2013, cybersecurity companies and governments have reported on SVR operations targeting victim networks to steal confidential and proprietary information,” they say in the advisory. 

“A decade later, the authoring agencies can infer a long-term targeting pattern aimed at collecting, and enabling the collection of foreign intelligence, a broad concept that for Russia encompasses information on the politics, economics, and military of foreign states; science and technology; and foreign counterintelligence. The SVR also conducts cyber operations targeting technology companies that enable future cyber operations.”

For the past decade, the SVR has primarily relied on spear phishing (targeted phishing) methods to steal political, economic, scientific, and technological foreign intelligence. It was been known to target the likes of governments, think tanks and policy groups, educational institutions, and political organizations. 

The authorities also say it’s less common for the SVR to steal information by exploiting vulnerabilities and breaking into targets’ systems, though the group has extensive experience in the area.

Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware

Korean peninsula space race sees South and North launch tit for tat spy sats

North Korea makes finding a gig even harder by attacking candidates and employers

Industry piles in on North Korea for sustained rampage on software supply chains

Among the examples the agency cites is the 2020 case in which the SVR targeted organizations involved in the development of COVID-19 vaccines using the custom malware WellMess, WellMail, and Sorefang. 

In this week’s advisory, the spy agencies reveal for the first time that this malware was also used to target companies operating in the energy sector in addition to the biomedical sector, though few details were disclosed about this revelation.

It also cites SolarWinds, an attack that Microsoft’s Brad Smith famously branded the most sophisticated in history, the attribution for which didn’t come until the following year.

“This attribution marked the discovery that the SVR had, since at least 2018, expanded the range of its cyber operations to include the widespread targeting of information technology companies,” the authorities say. 

“At least some of this targeting was aimed at enabling additional cyber operations. Following this attribution, the US and UK governments published advisories highlighting additional SVR TTPs, including its exploitation of various CVEs, the SVR’s use of ‘low and slow’ password spraying techniques to gain initial access to some victims’ networks, exploitation of a zero-day exploit, and exploitation of Microsoft 365 cloud environments.” ®

Updated at 14.58 on Dece,ber 14, 2023, to add:

Yaroslav Russkih, head of security at JetBrains, sent us the following statement:

“We were informed about this vulnerability earlier this year and immediately fixed it in TeamCity 2023.05.4 update, which was released on September 18, 2023. Since then, we have been contacting our customers directly or via public posts motivating them to update their software. We also released a dedicated security patch for organizations using older versions of TeamCity that they couldn’t upgrade in time. In addition, we have been sharing the best security practices to help our customers strengthen the security of their build pipelines. As of right now, according to the statistics we have, fewer than 2% of TeamCity instances still operate unpatched software, and we hope their owners patch them immediately. This vulnerability only affects the on-premises instances of TeamCity, while our cloud version was not impacted.”

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2023/12/14/russia_joins_north_korea_cybercity/

Tags: joinsRussiatechnology
Previous Post

Suffering from tab overload? Vivaldi unveils Session Panels

Next Post

Intel wants to run AI on CPUs and says its 5th-gen Xeons are ones to do it

House panel wrangles on rail safety technology – FreightWaves

House panel wrangles on rail safety technology – FreightWaves

June 26, 2025
The Desert Sun unveils its Top Spring Athletes: History-makers and record-breakers – The Desert Sun

Meet This Spring’s Top Athletes: History-Makers and Record-Breakers Revealed!

June 26, 2025
HUD to move into the National Science Foundation headquarters, no current plan on where to relocate NSF employees – Government Executive

HUD to move into the National Science Foundation headquarters, no current plan on where to relocate NSF employees – Government Executive

June 25, 2025

Protecting the Boundless Future of U.S. Science: Tackling Tomorrow’s Challenges Today

June 25, 2025
LVMH’s Paris Olympics partnership wins Luxury and Lifestyle Grand Prix – Ad Age

LVMH Shines Bright with Luxury and Lifestyle Victory at Paris Olympics Partnership

June 25, 2025
Why the Strait of Hormuz, A Vital Oil Route, Is Vulnerable to Israel-Iran Conflict – The New York Times

Why the Strait of Hormuz, A Vital Oil Route, Is Vulnerable to Israel-Iran Conflict – The New York Times

June 25, 2025
Dying honey bees are threatening California’s economy. Can Central Valley lawmakers save them? – CalMatters

Dying honey bees are threatening California’s economy. Can Central Valley lawmakers save them? – CalMatters

June 25, 2025
Butler launches sports, entertainment institute focused on local events – Inside INdiana Business

Butler Launches Exciting New Sports and Entertainment Institute Spotlighting Local Events

June 25, 2025
Expert panel picked by RFK Jr. will scrutinize the vaccine schedule for kids – NPR

Expert panel picked by RFK Jr. will scrutinize the vaccine schedule for kids – NPR

June 25, 2025
What Is a Democratic Socialist? – The New York Times

What Is a Democratic Socialist? – The New York Times

June 25, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (698)
  • Economy (717)
  • Entertainment (21,612)
  • General (15,566)
  • Health (9,756)
  • Lifestyle (722)
  • News (22,149)
  • People (719)
  • Politics (724)
  • Science (15,935)
  • Sports (21,214)
  • Technology (15,703)
  • World (697)

Recent News

House panel wrangles on rail safety technology – FreightWaves

House panel wrangles on rail safety technology – FreightWaves

June 26, 2025
The Desert Sun unveils its Top Spring Athletes: History-makers and record-breakers – The Desert Sun

Meet This Spring’s Top Athletes: History-Makers and Record-Breakers Revealed!

June 26, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version