
Recent TeamCity Vulnerability Exploited in Ransomware Attacks

March 11, 2024 – Published on SecurityWeek

A TeamCity vulnerability disclosed recently in controversial circumstances is being exploited in ransomware attacks, according to the product’s developer and cybersecurity companies. 

On March 4, JetBrains, the developer of the TeamCity build management and continuous integration server, announced fixes for CVE-2024-27198 and CVE-2024-27199, two serious authentication bypass vulnerabilities. 

CVE-2024-27198, which has been rated critical, can be exploited by remote, unauthenticated attackers to take complete control of a server by creating a new admin user account or by generating an admin access token. 

More information has now come to light on what attackers are actually doing. GuidePoint Security reported on Friday that a ransomware group named BianLian, which has been known to target critical infrastructure, may have exploited CVE-2024-27198 for initial access (it’s possible that the cybercriminals exploited a different TeamCity flaw). 
