North Korean Hackers Exploiting Critical Flaw in DevOps Tool
North Korean nation-state threat actors are exploiting a critical remote code execution vulnerability affecting multiple versions of a DevSecOps tool, a development that is especially high-risk in light of Pyongyang hackers' recent track record of supply chain hacks.
Researchers at Microsoft said Wednesday that North Korean nation-state threat actors tracked as Diamond Sleet and Onyx Sleet are exploiting a remote code execution vulnerability affecting multiple versions of the JetBrains TeamCity server.
JetBrains on Sept. 21 issued a critical security update to patch its TeamCity build management and continuous integration server. SonarSource first identified the flaw, tracked as CVE-2023-42793, and said that the vulnerability allows unauthenticated attackers to execute arbitrary code on the TeamCity on-premises server, which enables attackers to steal source code, service secrets and private keys (see: Ransomware Actors Exploit Critical Bug, Target DevOps Tool).