* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, June 4, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Spotify & OpenAI: Will Gen AI ‘Hollow Out’ Entertainment? – Technology Magazine

    Will Generative AI Transform the Future of Entertainment

    Author Richard Russo Will Speak At Sandwich Town Hall – CapeNews.net

    Join Us for an Inspiring Evening with Author Richard Russo at Sandwich Town Hall!

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Salem’s Harborwalk Garden Cultivates Community with Entertainment, Food, and Events – 105.7 WROR

    Discover the Vibrant Community Spirit at Salem’s Harborwalk Garden: A Hub for Entertainment, Food, and Fun!

    Entertainment-Focused Narrative and Culture Change Practice – New America

    Transforming Culture Through Engaging Entertainment Narratives

    Rising stars: Young classical musicians surging on social media – Yahoo

    Meet the Next Generation of Classical Music Sensations Making Waves on Social Media!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    When fiction becomes fact: 3 pieces of modern technology inspired by Star Trek – Redshirts Always Die

    From Screen to Reality: 3 Modern Technologies Inspired by Star Trek

    The Isfahan Center for Nuclear Technology – UCF, ZPP, and IRR10 – Alma Research and Education Center

    Exploring the Isfahan Center for Nuclear Technology: Innovations and Insights from UCF, ZPP, and IRR10

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    AI for lawyers: Win back your time using technology – nationaljurist.com

    Reclaim Your Time: How AI is Transforming the Legal Profession

    Prosecutors accuse men of exporting U.S. military technology to China – Milwaukee Journal Sentinel

    Men Charged with Illegally Exporting U.S. Military Technology to China

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Spotify & OpenAI: Will Gen AI ‘Hollow Out’ Entertainment? – Technology Magazine

    Will Generative AI Transform the Future of Entertainment

    Author Richard Russo Will Speak At Sandwich Town Hall – CapeNews.net

    Join Us for an Inspiring Evening with Author Richard Russo at Sandwich Town Hall!

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Salem’s Harborwalk Garden Cultivates Community with Entertainment, Food, and Events – 105.7 WROR

    Discover the Vibrant Community Spirit at Salem’s Harborwalk Garden: A Hub for Entertainment, Food, and Fun!

    Entertainment-Focused Narrative and Culture Change Practice – New America

    Transforming Culture Through Engaging Entertainment Narratives

    Rising stars: Young classical musicians surging on social media – Yahoo

    Meet the Next Generation of Classical Music Sensations Making Waves on Social Media!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    When fiction becomes fact: 3 pieces of modern technology inspired by Star Trek – Redshirts Always Die

    From Screen to Reality: 3 Modern Technologies Inspired by Star Trek

    The Isfahan Center for Nuclear Technology – UCF, ZPP, and IRR10 – Alma Research and Education Center

    Exploring the Isfahan Center for Nuclear Technology: Innovations and Insights from UCF, ZPP, and IRR10

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    AI for lawyers: Win back your time using technology – nationaljurist.com

    Reclaim Your Time: How AI is Transforming the Legal Profession

    Prosecutors accuse men of exporting U.S. military technology to China – Milwaukee Journal Sentinel

    Men Charged with Illegally Exporting U.S. Military Technology to China

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users

December 14, 2023
in Technology
Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users
Share on FacebookShare on Twitter

Updated The offensive cyber unit linked to Russia’s Foreign Intelligence Service (SVR) is exploiting the critical vulnerability affecting the JetBrains TeamCity CI/CD server at scale, and has been since September, authorities warn.

The news came in an advisory issued by the US’ Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), the Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC).

Announced in late September, the vulnerability, tracked as CVE-2023-42793 with a 9.8 severity score, can be seen as analogous to the one that facilitated the 2020 attack on SolarWinds – which claimed more than 18,000 victims.

The exploit in TeamCity could give attackers enough access to manipulate a software’s source code, sign certificates, and compile and deploy processes, the advisory says.

Although SVR has reportedly exploited servers since September, authorities have not gathered evidence to suggest they have used this access to launch attacks similar to the SolarWinds case.

However, the evidence suggests the access was used to plant additional backdoors in victim’s environments after attackers escalated their privileges and moved laterally around compromised networks.

Software supply chain attacks are particularly valuable for attackers given the potential for delivering malicious code that’s signed as “trusted” to an untold number of organizations.

North Korea is continually looking for opportunities in this area, recent reports revealed, and the country’s state-sponsored attackers were among the first to be observed exploiting CVE-2023-42793.

The authorities warned that although SolarWinds-like attacks have not yet been carried out as a result of the SVR’s TeamCity exploitation, they believe attackers are still in a preparatory phase and that more serious attacks may come further down the line.

Currently, the SVR’s priorities appear to be establishing a foothold in victims’ environments and deploying command and control (C2) infrastructure that’s difficult to detect – a sign of attackers laying the groundwork for future operations.

Legitimate services like Dropbox have been used to mask the SVR’s C2 traffic and malware-related data passing through these were obfuscated inside randomly generated BMP files.

Attackers were also spotted abusing OneDrive for the same purposes, but Microsoft has since confirmed this was disrupted.

This activity was spotted with the SVR’s use of the GraphicalProton backdoor, which itself was wrapped in numerous layers of encryption, obfuscation, encoders, and stagers.

The malware has remained largely unchanged in the months since the authorities began tracking it. However, different variants are being spotted, some with “noteworthy” packaging that use DLL hijacking in the open source monitoring tool Zabbix to begin execution and potentially facilitate long-term stealthy access to victims’ environments. 

Another variant also hides its activity within open source C++ build analysis tool vcperf.

Other post-exploitation activity has involved the deployment of the Mimikatz toolkit, enumerating victims’ Active Directories, disabling antivirus and EDR tools, and more.

The advisory contains an extensive list of recommended mitigations and indicators of compromise to help potential victims uncover any undetected activity.

The number of TeamCity users exploited by the SVR wasn’t disclosed, but the US, Polish and UK authorities say in the advisory that exploits are being carried out on “a large scale.”

Telemetry from Shadowserver indicates that nearly 800 TeamCity instances remain vulnerable to CVE-2023-42793 exploits as of this week, despite patches released by JetBrains in late September.

Aligned with Russia’s ambitions

The authorities say the attempts to exploit TeamCity on a large scale fit in with the country’s broad objectives in cyberspace, which have remained largely unchanged for the past ten years.

“Since 2013, cybersecurity companies and governments have reported on SVR operations targeting victim networks to steal confidential and proprietary information,” they say in the advisory. 

“A decade later, the authoring agencies can infer a long-term targeting pattern aimed at collecting, and enabling the collection of foreign intelligence, a broad concept that for Russia encompasses information on the politics, economics, and military of foreign states; science and technology; and foreign counterintelligence. The SVR also conducts cyber operations targeting technology companies that enable future cyber operations.”

For the past decade, the SVR has primarily relied on spear phishing (targeted phishing) methods to steal political, economic, scientific, and technological foreign intelligence. It was been known to target the likes of governments, think tanks and policy groups, educational institutions, and political organizations. 

The authorities also say it’s less common for the SVR to steal information by exploiting vulnerabilities and breaking into targets’ systems, though the group has extensive experience in the area.

Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware

Korean peninsula space race sees South and North launch tit for tat spy sats

North Korea makes finding a gig even harder by attacking candidates and employers

Industry piles in on North Korea for sustained rampage on software supply chains

Among the examples the agency cites is the 2020 case in which the SVR targeted organizations involved in the development of COVID-19 vaccines using the custom malware WellMess, WellMail, and Sorefang. 

In this week’s advisory, the spy agencies reveal for the first time that this malware was also used to target companies operating in the energy sector in addition to the biomedical sector, though few details were disclosed about this revelation.

It also cites SolarWinds, an attack that Microsoft’s Brad Smith famously branded the most sophisticated in history, the attribution for which didn’t come until the following year.

“This attribution marked the discovery that the SVR had, since at least 2018, expanded the range of its cyber operations to include the widespread targeting of information technology companies,” the authorities say. 

“At least some of this targeting was aimed at enabling additional cyber operations. Following this attribution, the US and UK governments published advisories highlighting additional SVR TTPs, including its exploitation of various CVEs, the SVR’s use of ‘low and slow’ password spraying techniques to gain initial access to some victims’ networks, exploitation of a zero-day exploit, and exploitation of Microsoft 365 cloud environments.” ®

Updated at 14.58 on Dece,ber 14, 2023, to add:

Yaroslav Russkih, head of security at JetBrains, sent us the following statement:

“We were informed about this vulnerability earlier this year and immediately fixed it in TeamCity 2023.05.4 update, which was released on September 18, 2023. Since then, we have been contacting our customers directly or via public posts motivating them to update their software. We also released a dedicated security patch for organizations using older versions of TeamCity that they couldn’t upgrade in time. In addition, we have been sharing the best security practices to help our customers strengthen the security of their build pipelines. As of right now, according to the statistics we have, fewer than 2% of TeamCity instances still operate unpatched software, and we hope their owners patch them immediately. This vulnerability only affects the on-premises instances of TeamCity, while our cloud version was not impacted.”

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2023/12/14/russia_joins_north_korea_cybercity/

Tags: joinsRussiatechnology
Previous Post

Suffering from tab overload? Vivaldi unveils Session Panels

Next Post

Intel wants to run AI on CPUs and says its 5th-gen Xeons are ones to do it

Altera Digital Health Collaborates With MCAG Amid $2.8B Blue Cross Blue Shield Provider Settlement – Business Wire

Altera Digital Health Teams Up with MCAG Following Major $2.8B Blue Cross Blue Shield Settlement

June 4, 2025
Appeals court upholds New York’s Reproductive Health Act – Spectrum News

Victory for Women’s Rights: Appeals Court Affirms New York’s Reproductive Health Act

June 4, 2025
When fiction becomes fact: 3 pieces of modern technology inspired by Star Trek – Redshirts Always Die

From Screen to Reality: 3 Modern Technologies Inspired by Star Trek

June 4, 2025
Busy summer sports slate includes Jake Paul vs. Julio Caesar Chavez, Canelo-Crawford bout – El Paso Times

Busy summer sports slate includes Jake Paul vs. Julio Caesar Chavez, Canelo-Crawford bout – El Paso Times

June 4, 2025
Experimental ecology and the balance between realism and feasibility in aquatic ecosystems – Nature

Experimental ecology and the balance between realism and feasibility in aquatic ecosystems – Nature

June 4, 2025
The Science of Scent: How Israeli Innovation is Redefining Perfume and Wellness – The Jerusalem Post

Unlocking the Power of Scent: How Israeli Innovations are Transforming Perfume and Wellness

June 4, 2025
Accidental discovery at New York planetarium unlocks secret into universe’s inner workings – PBS

Serendipitous Find at New York Planetarium Reveals Secrets of the Universe!

June 4, 2025
Lifestyle choices at 60 linked to dementia risk decades later, study shows – ABC News

How Your Lifestyle Choices at 60 Could Impact Dementia Risk Later in Life

June 4, 2025
GBH layoffs hit 45 staffers less than a month after World cuts – Current – For people in public media

GBH Cuts Deep: 45 Staff Members Laid Off Just Weeks After Major Restructuring

June 4, 2025
Washington state gets a $918M lift from international students – Axios

Washington State Reaps $918 Million Boost from International Students!

June 4, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (665)
  • Economy (679)
  • Entertainment (21,585)
  • General (15,261)
  • Health (9,722)
  • Lifestyle (682)
  • News (22,149)
  • People (680)
  • Politics (689)
  • Science (15,899)
  • Sports (21,184)
  • Technology (15,666)
  • World (666)

Recent News

Altera Digital Health Collaborates With MCAG Amid $2.8B Blue Cross Blue Shield Provider Settlement – Business Wire

Altera Digital Health Teams Up with MCAG Following Major $2.8B Blue Cross Blue Shield Settlement

June 4, 2025
Appeals court upholds New York’s Reproductive Health Act – Spectrum News

Victory for Women’s Rights: Appeals Court Affirms New York’s Reproductive Health Act

June 4, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version