Skip to content

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Posted by:
< 1 min read

March 20, 2024 – Published on Security Affairs

Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems.

In early March, researchers from GuidePoint Security observed BianLian ransomware exploiting vulnerabilities in JetBrains TeamCity software in recent attacks.

The experts also observed several attempts to discover network infrastructure and employ persistence commands arising from the java.exe process under a vulnerable TeamCity server directory.

Read More HERE.

Categories: Incident Response & Threat Intelligence
Tags:GRITransomware

GuidePoint Security

BianLian GOs for PowerShell After TeamCity Exploitation
Contributors: Justin Timothy, Threat Intelligence Consultant, Gabe Renfro, DFIR Advisory Consultant, Keven Murphy, DFIR Principal Consultant Introduction Ever since Avast […]
View Page

Related Articles

View All

  • Threat Advisory
BianLian GOs for PowerShell After TeamCity Exploitation
Posted by: Drew Schmitt
Read More 9 min read
  • Incident Response & Threat Intelligence
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
Read More < 1 min read
  • Incident Response & Threat Intelligence
A Review: 2023 Annual GRIT Ransomware Report
Read More < 1 min read