TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 [Tuesday, January 23, 2024]


Description :
On September 6, 2023, researchers from Sonar discovered a critical vulnerability in TeamCity On-Premises (CVE-2023-42793[1]).[2] TeamCity is a build management and continuous integration server from JetBrains[3]. On September 27, 2023, a public exploit for this vulnerability was released by Rapid7[4]. The vulnerability was given a CVSS score of 9.8, most likely because an unauthenticated attacker can use the publicly available exploit to gain remote code execution on the victim server with a basic web request to any reachable web server hosting the vulnerable application. The vulnerability has been observed being actively exploited in the wild and was added to CISA's Known Exploited Vulnerabilities Catalog on October 4, 2023.

Published: 2024-01-23 17:01:09
Created: 2024-01-23 17:01:09
Modified: 2024-01-23 18:01:39

Tags

Indicators

IPv4s :
Hashes :
Intrusion set :
  • APT29
MITRE ATT&CK Techniques :

External References


About the author
Julien B.

Securitricks
