Ransomware thugs target JetBrains TeamCity in cyberattack


Security researchers have identified active exploit attempts targeting JetBrains’ TeamCity software with ransomware. More than 1,000 servers remain unpatched and vulnerable to these attacks. The vulnerabilities, one critical and one high-severity, are being exploited in the wild, leading to concerns about software supply chain attacks. The uncoordinated disclosure of the vulnerabilities between JetBrains and Rapid7 has caused confusion within the cybersecurity community.

JetBrains TeamCity under attack by ransomware thugs

Security researchers have reported that JetBrains’ TeamCity software is currently under attack by ransomware thugs. More than 1,000 servers running unpatched versions of TeamCity are vulnerable to these attacks. Two vulnerabilities are being exploited, one critical and one high-severity, and because TeamCity is a CI/CD server, software supply chain attacks are a significant concern.

Ransomware attackers are taking advantage of these vulnerabilities to deploy ransomware, including a suspected modified version of Jasmin ransomware. Previous variants of this ransomware tool have been used for malicious purposes, locking victims out of their files and demanding unconventional ransom payments.

Exploitation of these vulnerabilities is widespread, with attackers breaking into CI/CD servers and creating hundreds of accounts for future malicious activities. The usernames registered post-exploit consist of random alphanumeric characters, so spotting such accounts in a TeamCity instance is an indicator of compromise.
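One way to check an exported TeamCity user list for the indicator described above, as an added example that is not from the article or from JetBrains. The roster, the sample usernames and the length, transition and cluster thresholds are all assumptions chosen for illustration.

```python
import re

# Assumptions (not from the article): usernames are reviewed from an exported
# list, and the length/transition/cluster thresholds are illustrative.
MIN_LEN = 8
MIN_TRANSITIONS = 3
CLUSTER_THRESHOLD = 5

def class_transitions(name):
    """Count switches between letter and digit; random strings interleave them."""
    kinds = [c.isdigit() for c in name]
    return sum(a != b for a, b in zip(kinds, kinds[1:]))

def looks_random(name):
    """True for purely alphanumeric names that interleave letters and digits."""
    if len(name) < MIN_LEN or not re.fullmatch(r"[A-Za-z0-9]+", name):
        return False
    return class_transitions(name) >= MIN_TRANSITIONS

def audit_accounts(usernames, known_good):
    """Split accounts into unknown (not on the roster) and random-looking unknowns."""
    unknown = [u for u in usernames if u.lower() not in known_good]
    suspicious = [u for u in unknown if looks_random(u)]
    return {
        "unknown": unknown,
        "suspicious": suspicious,
        "alert": len(suspicious) >= CLUSTER_THRESHOLD,
    }

# Constructed sample data, not real indicators.
KNOWN_GOOD = {"admin", "jsmith2024", "build-agent", "release.bot"}
SAMPLE_USERS = [
    "admin", "jsmith2024", "build-agent", "release.bot", "contractor01",
    "x7qp2lm9", "a1b2k9zz3q", "9fk2m1xw", "t4h8s2p0", "q3w9e1r7y5", "m2n4b6v8",
]

if __name__ == "__main__":
    result = audit_accounts(SAMPLE_USERS, KNOWN_GOOD)
    print("Unknown accounts:", result["unknown"])
    print("Random-looking:", result["suspicious"])
    print("ALERT" if result["alert"] else "ok")
```

Every account missing from the roster deserves review. The random-name heuristic only ranks the list, and it will miss a random name that happens to contain no digits.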

JetBrains’ handling of the disclosure of these vulnerabilities has caused some controversy within the cybersecurity community. The company wanted to provide its customers with time to apply patches before disclosing the full details of the vulnerabilities, while Rapid7’s policy is to publish vulnerabilities in full when patches are released. This differing approach to disclosure has led to confusion and debate among security experts.

For organizations using on-prem versions of TeamCity prior to 2023.11.4, applying the patches immediately is recommended to protect against potential attacks. The ongoing exploitation of these vulnerabilities highlights the importance of timely patching and coordinated disclosure within the cybersecurity community.
