Today, CISA—along with the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC)—released a joint Cybersecurity Advisory (CSA), Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally.
Since September 2023, Russian Foreign Intelligence Service (SVR)-affiliated cyber actors (also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard) have been targeting servers hosting JetBrains TeamCity software that ultimately enabled them to bypass authorization and conduct arbitrary code execution on the compromised server. The joint CSA provides information on the SVR’s most recent compromise, actionable indicators of compromise (IOCs), and SIGMA and YARA rules.
The authoring agencies encourage network defenders and organizations review the joint CSA for recommended mitigations and rules. For more information on affiliated advanced persistent threats, see CISA’s Advanced Persistent Threats and Nation-State Actors and Russia Cyber Threat Overview and Advisories webpages. For more guidance to protect against the most common and impactful threats, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 [Common Weakness Enumeration (CWE)-288: Authentication Bypass Using…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
This website uses cookies.