TTPs of Russian SVR-affiliated Threat Actor Exploiting CVE-2023-42793

Recently, CISA, along with the National Cyber Security Centre (NCSC) of the United Kingdom, the Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the Federal Bureau of Investigation (FBI) of the United States, published a report on Russian Foreign Intelligence Service (SVR)-affiliated cyber actors exploiting CVE-2023-42793, a vulnerability that allows an unauthenticated malicious actor to execute arbitrary code remotely on the TeamCity server. According to CISA, since September 2023, Russian SVR cyber operatives known as APT 29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard have been widely using CVE-2023-42793 to target JetBrains TeamCity servers in order to escalate privileges, move laterally, install additional backdoors, and take further steps to secure persistent, long-term access to the compromised network environments.

Source: LogPoint

 

