Threat Intelligence

North Korean hackers targeting TeamCity vulnerability

North Korean state-sponsored threat operations Diamond Sleet and Onyx Sleet have launched attacks exploiting CVE-2023-42793, a vulnerability impacting JetBrains TeamCity continuous integration and deployment servers, reports The Record, a news site by cybersecurity firm Recorded Future. The two groups used different tools and techniques following successful compromise: Diamond Sleet leveraged backdoors enabling persistent access, while Onyx Sleet established new user accounts with admin privileges to facilitate credential and browser data exfiltration efforts, according to a Microsoft report.

The findings come weeks after Microsoft noted Diamond Sleet-linked hackers targeting open-source software. Diamond Sleet has previously attacked numerous organizations around the world, including those in Russia. Onyx Sleet, meanwhile, has been associated with the H0lyGh0st ransomware used in attacks against small businesses two years ago, as well as intrusions against financial and manufacturing organizations.
