Skip to content

Open-source ransomware, RATs deployed on compromised TeamCity servers

Posted by:
< 1 min read

March 20, 2024 – Published on SC Magazine

A JetBrains TeamCity authentication bypass vulnerability is being leveraged to deploy open-source ransomware, remote access tools (RATs), cryptominers and Cobalt Strike beacons. The critical vulnerability, tracked as CVE-2024-27198, along with a high-severity directory traversal flaw tracked as CVE-2024-27199, were fixed and disclosed by JetBrains on March 4.

CVE-2024-27198 has also been used by the ransomware gang BianLian, as reported by GuidePoint Security researchers last week. BianLian used living-off-the-land tactics to deploy a novel backdoor, and also targeted TeamCity CVE-2023-42693, which was patched last September.

Read More HERE.

Categories: Incident Response & Threat Intelligence
Tags:GRITransomware

GuidePoint Security

BianLian GOs for PowerShell After TeamCity Exploitation
Contributors: Justin Timothy, Threat Intelligence Consultant, Gabe Renfro, DFIR Advisory Consultant, Keven Murphy, DFIR Principal Consultant Introduction Ever since Avast […]
View Page

Related Articles

View All

  • Threat Advisory
BianLian GOs for PowerShell After TeamCity Exploitation
Posted by: Drew Schmitt
Read More 9 min read
  • Incident Response & Threat Intelligence
A Review: 2023 Annual GRIT Ransomware Report
Read More < 1 min read
  • Incident Response & Threat Intelligence
TeamCity vulnerabilities leveraged in new BianLian ransomware attacks
Read More < 1 min read