Dark times for IT: North Korean hackers exploit TeamCity weaknesses

Carding 4 Carders

Despite the fix, the flaw is actively used to hack corporate networks.

Microsoft warns that North Korean hacking groups Lazarus and Andariel are exploiting a vulnerability in TeamCity servers to deploy malware to compromise the software supply chain.

TeamCity is a continuous integration and deployment server that organizations use as part of their software development infrastructure.

In September, JetBrains fixed the critical TeamCity vulnerability CVE-2023-42793 (CVSS: 9.8), which allows an unauthenticated attacker to execute code remotely on the server. Despite the prompt release of a patch, attackers began exploiting the flaw on unpatched servers to break into corporate networks.

According to a Microsoft report, the Lazarus (Diamond Sleet, ZINC) and Andariel (Onyx Sleet, PLUTONIUM) groups are actively exploiting CVE-2023-42793. Although the ultimate goal of the attacks is still unknown, experts suggest that it may be to stage attacks on software vendors.

After compromising a TeamCity server, the attackers use various methods to deploy malware and gain persistent access to the infected network. In particular, Lazarus uses the ForestTiger malware as a backdoor to execute commands on the compromised server, giving the group persistent and covert access to the system. Andariel, in turn, creates an administrative account on the compromised server, which it uses to collect system information and execute commands.

Microsoft shared more detailed technical information about all identified types of attacks, including indicators of compromise.