Vulnerability Management, Threat Intelligence

APT29’s large-scale Zimbra, TeamCity server targeting underway


U.S. and UK cybersecurity agencies have disclosed that Russian state-sponsored threat operation APT29, also known as Midnight Blizzard, Cozy Bear, and the Dukes, has been exploiting internet-exposed Zimbra and JetBrains TeamCity servers affected by CVE-2022-27924 and CVE-2023-42793, respectively, in attacks across several sectors worldwide, BleepingComputer reports.

Aside from the Zimbra and TeamCity vulnerabilities, APT29 could have also leveraged nearly two dozen other bugs, which should be immediately remediated, according to a joint alert from the National Security Agency, the U.S. Cyber Command's Cyber National Mission Force, the FBI, and the UK's National Cyber Security Centre. "This activity is a global threat to the government and private sectors and requires thorough review of security controls, including prioritizing patches and keeping software up to date. Our updated guidance will help network defenders detect these intrusions and ensure they are taking steps to secure their systems," said NSA Cybersecurity Director Dave Luber. The alert comes months after the Five Eyes intelligence alliance noted that APT29 had transitioned to cloud service-targeted intrusions.
