
JetBrains software TeamCity possibly used in SolarWinds hack

In a New York Times article released on January 6, 2021, JetBrains and their Continuous Integration / Continuous Deployment (CI/CD) application TeamCity were confirmed to be used by the recently hacked software company SolarWinds. JetBrains has officially denied any involvement in, or any government investigation related to, this issue.

Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies. 

https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html

This raises the question: was a known vulnerability used, or could this be another zero-day, possibly offered by the elusive Shadow Brokers? A look at the released CVEs for TeamCity shows that XSS and remote code execution are very common vectors for compromising TeamCity.

https://www.cvedetails.com/vulnerability-list/vendor_id-15146/product_id-30795/Jetbrains-Teamcity.html

“JetBrains said on Wednesday that it had not been contacted by government officials and was not aware of any compromise. The exact software that investigators are examining is a JetBrains product called TeamCity, which allows developers to test and exchange software code before its release. By compromising TeamCity, or exploiting gaps in how customers use the tool, cybersecurity experts say the Russian hackers could have inconspicuously planted back doors in an untold number of JetBrains’ clients.”

Even though no contact had been made by government officials, a system like TeamCity, when implemented properly, is by nature involved 100% in the development and deployment of a customer's software. Any vulnerability allowing remote code to be executed would be subject to investigation.

https://nvd.nist.gov/vuln/detail/CVE-2019-15848
