"Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact"

The National Security Agency (NSA), the FBI, and co-authoring agencies are warning that Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known JetBrains TeamCity vulnerability to compromise victims. The agencies have released a Cybersecurity Advisory (CSA) titled "Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally," which describes the SVR actors' tactics, techniques, and procedures (TTPs), as well as technical details about their operations, indicators of compromise (IOCs), and mitigation recommendations for network defenders. The SVR cyber actors, also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, have been targeting Internet-connected JetBrains TeamCity servers. According to the report, companies providing software for billing, medical devices, customer care, employee monitoring, financial management, marketing, sales, and video games have fallen victim to the SVR cyber actors' attacks. Victims also include hosting companies, tool manufacturers, small and large Information Technology (IT) companies, and an energy trade association. This article continues to discuss the CSA on the SVR actors. 

NSA reports "Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact"

Submitted by grigby1