October 10 2024 By Sergiu Gatlan
U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale."
A joint advisory issued by the NSA, the FBI, the U.S. Cyber Command's Cyber National Mission Force (CNMF), and the U.K.'s NCSC warns network defenders to patch exposed servers to block these ongoing attacks.
The four cyber agencies said the hacking group targets unpatched Zimbra and TeamCity servers exposed online "at a mass scale to target victims worldwide across a variety of sectors " using CVE-2022-27924 and CVE-2023-42793 exploits.
CVE-2022-27924 has been exploited since at least August 2022 to steal email account credentials from unpatched Zimbra Collaboration instances, while CVE-2023-42793 was exploited by both ransomware gangs and North Korean hacking groups for initial access and attempted supply-chain attacks.