Two North Korean state-backed threat groups, whom Microsoft is tracking as Diamond Sleet and Onyx Sleet, are actively exploiting CVE-2023-42793, a critical remote code execution (RCE) bug in on-premises versions of JetBrains TeamCity continuous integration and delivery server. Critical Authentication Bypass VulnerabilityBased on previous campaigns, Diamond Sleet presents a threat mainly to organizations in IT services, media, and defense-related sectors globally. "While the two threat actors are exploiting the same vulnerability, Microsoft observed Diamond Sleet and Onyx Sleet utilizing unique sets of tools and techniques following successful exploitation," Microsoft said. The software vendor described the vulnerability as enabling an unauthenticated attack to perform a RCE attack and gain administrative privileges on an affected, Internet-exposed TeamCity server. JetBrains released a fixed version of TeamCity (version 2023.05.4) at time of vulnerability disclosure and strongly urged organizations to upgrade to it, to mitigate exposure to the threat.

Source: The North Africa Journal October 20, 2023 02:26 UTC