Russian APT29 Group Targets Zimbra and JetBrains TeamCity Servers

October 13, 2024

APT29, a cyber espionage group associated with Russia, is actively exploiting vulnerabilities in Zimbra and JetBrains TeamCity servers. This large-scale operation has prompted warnings from cyber agencies in the U.S. and U.K. The FBI, NSA, Cyber National Mission Force (CNMF), and the U.K.'s National Cyber Security Centre (NCSC-UK) have jointly issued a Cybersecurity Advisory (CSA) describing the tactics, techniques, and procedures (TTPs) used by the Russian Federation's Foreign Intelligence Service (SVR) in recent cyber operations.

Since April 2021, these Russian state-sponsored actors have been exploiting two vulnerabilities in particular: CVE-2022-27924 in Zimbra, a command injection flaw used to steal credentials and emails, and CVE-2023-42793 in JetBrains TeamCity, an authentication bypass that allows arbitrary code execution. These exploits have been used in attacks against organizations in various sectors worldwide, enabling the group to gain access to sensitive data and establish infrastructure for continuous data collection.

The joint advisory from the agencies stated, "SVR cyber actors have exploited vulnerabilities at a mass scale to target victims worldwide across a variety of sectors." The advisory also includes a list of known vulnerabilities that need immediate attention. The agencies warn that APT29 has both the ability and the intention to exploit further CVEs for initial access, remote code execution, and privilege escalation, and strongly recommend that organizations apply the patches vendors have issued for these publicly disclosed vulnerabilities.
