US, UK warn of Russian APT29 hackers focusing on Zimbra, TeamCity servers


U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale."

A joint advisory issued by the NSA, the FBI, the U.S. Cyber Command's Cyber National Mission Force (CNMF), and the U.K.'s NCSC warns network defenders to patch exposed servers to block these ongoing attacks.

The four cyber agencies said the hacking group targets unpatched Zimbra and TeamCity servers exposed online "at a mass scale to target victims worldwide across a variety of sectors" using CVE-2022-27924 and CVE-2023-42793 exploits.

CVE-2022-27924 has been exploited since at least August 2022 to steal email account credentials from unpatched Zimbra Collaboration instances, while CVE-2023-42793 was exploited by both ransomware gangs and North Korean hacking groups for initial access and attempted supply-chain attacks.

"Based on the SVR cyber actors' TTPs and previous targeting, the authoring agencies assess they have the capability and interest to exploit additional CVEs for initial access, remote code execution, and privilege escalation," they added.

The advisory lists two dozen vulnerabilities disclosed and fixed over the last six years and asks defenders to deploy security patches and apply mitigations to prevent security breaches.

APT29 joint advisory

Also tracked as Cozy Bear, Midnight Blizzard (formerly Nobelium), and the Dukes, this SVR hacking group has been targeting government and private organizations across the U.S. and Europe for years.

The NSA, FBI, and CISA issued a similar advisory more than three years ago, in April 2021, after the APT29 hackers breached several U.S. federal agencies following the SolarWinds supply-chain attack they orchestrated.

They also hacked into NATO nations' Microsoft 365 accounts to steal foreign policy-related information and breached the Exchange Online accounts of Microsoft executives and other companies in November 2023.

More recently, the Five Eyes (FVEY) intelligence alliance warned in February that APT29 had also started targeting potential victims' cloud services.

"This activity is a global threat to the government and private sectors and requires thorough review of security controls, including prioritizing patches and keeping software up to date," said NSA Cybersecurity Director Dave Luber.

"Our updated guidance will help network defenders detect these intrusions and ensure they're taking steps to secure their systems."
