Open-source ransomware, RATs deployed on compromised TeamCity servers
< 1 min read
March 20, 2024 – Published on SC Magazine
A JetBrains TeamCity authentication bypass vulnerability is being leveraged to deploy open-source ransomware, remote access tools (RATs), cryptominers and Cobalt Strike beacons. The critical vulnerability, tracked as CVE-2024-27198, along with a high-severity directory traversal flaw tracked as CVE-2024-27199, were fixed and disclosed by JetBrains on March 4.
CVE-2024-27198 has also been used by the ransomware gang BianLian, as reported by GuidePoint Security researchers last week. BianLian used living-off-the-land tactics to deploy a novel backdoor, and also targeted TeamCity CVE-2023-42693, which was patched last September.
Read More HERE.