US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers

In a joint alert issued today, cyber agencies in the United States and United Kingdom warned that Russian hackers linked to the country’s Foreign Intelligence Service (SVR) are targeting vulnerable Zimbra and JetBrains TeamCity servers “at a mass scale.” The warning comes as the two countries continue to see an increase in cyber attacks from Russia, with APT29 being one of the most active groups.

APT29, also known as Cozy Bear, is a highly sophisticated hacking group that has been linked to the SVR. The group is known for using advanced techniques to breach networks and steal sensitive information. In the past, APT29 has targeted organizations in the energy, finance, and healthcare sectors, as well as think tanks and non-governmental organizations.

According to the alert issued by the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC), APT29 is now targeting Zimbra and TeamCity servers that are not properly secured. Zimbra is an open-source email and collaboration suite, while TeamCity is a continuous integration and continuous deployment (CI/CD) platform.

The alert states that APT29 is using a combination of phishing emails and exploitation of known vulnerabilities to gain access to target networks. Once inside, the hackers are able to move laterally across the network, stealing sensitive data and implanting malware to maintain persistence.

The US and UK agencies warned that the attacks are “ongoing” and urged organizations to take immediate action to protect themselves. This includes applying security patches, enforcing strong passwords, and implementing multi-factor authentication.

“We recommend that organizations take a proactive approach to protecting their networks and data,” said a spokesperson for CISA. “This includes regularly updating software and operating systems, using strong passwords, and monitoring network activity for suspicious behavior.”

The NCSC added that organizations should also be aware of the potential for supply chain attacks, as APT29 has been known to target third-party vendors and service providers.

“Supply chain attacks are a significant concern, as they can allow attackers to gain access to multiple organizations through a single vulnerability,” said an NCSC spokesperson. “We urge organizations to carefully vet their third-party vendors and ensure that they are taking appropriate security measures.”

The alert comes at a time of increased tensions between Russia and the West, with many experts warning of an uptick in Russian cyber attacks. In recent months, Russia has been accused of launching cyber attacks against several countries, including the United States, Ukraine, and Poland.

In response to the alert, many organizations have already begun taking steps to protect themselves from APT29. This includes implementing additional security measures, such as intrusion detection systems and advanced threat protection software.

“We take the threat of cyber attacks very seriously,” said a spokesperson for a large financial institution. “We have implemented a range of security measures to protect our networks and data, and we will continue to work closely with government agencies to stay ahead of emerging threats.”

The alert is a reminder that cyber security is an ongoing concern for organizations of all sizes. As the threat landscape continues to evolve, it is essential that organizations stay vigilant and take proactive steps to protect themselves from emerging threats.

In conclusion, the joint alert issued by US and UK cyber agencies highlights the ongoing threat posed by APT29 hackers linked to Russia’s SVR. The group’s targeting of vulnerable Zimbra and TeamCity servers is a reminder that organizations must remain vigilant in protecting their networks and data. By taking proactive steps to secure their systems and staying informed about emerging threats, organizations can minimize the risk of falling victim to cyber attacks.