Russian Hackers Target JetBrains Software Server For Potential SolarWinds Style Spy Operations

Illustration of world hackers masya (photo: Doc. pexels)

JAKARTA - United States officials have revealed that Russian hackers are targeting servers that store outdated versions of software created by Czech technology company JetBrains for potential SolarWinds-style spy operations.

In a statement, the United States National Security Agency (NSA), the FBI, and CISA's cyber surveillance agency accused hackers, sometimes referred to as Cozy Bear or APT29, of trying to take over servers in an effort to access software developer source code, which could allow them to manipulate the compilation process or its deployment.

A similar technique is used to manipulate software made by US software company SolarWinds. This spy cyber campaign led to a serious wave of security breaches in the government discovered in 2019.

In a statement, Prague-based JetBrains said it had fixed its vulnerability affecting TeamCity's collaborative software development tools in September and had been contacting their customers since then in the hope of "encourage them to update."

Programs like TeamCity - which helps manage the software development process of other companies - have the potential to become the ideal stepping stone for hackers who want to hack more targets at once.

Securing such widespread access has become a top priority for APT29, which Western officials and private cybersecurity firms have acted on behalf of Russia's Foreign Intelligence Agency, SVR. They are generally considered to be one of the country's elite hacker groups.

The US statement said that the US and its allies had identified "a few dozen affected companies" in the United States, Europe, Asia, and Australia. The statement said the companies had little in common except that they used the outdated and vulnerable versions of JetBrains exposed on the internet, suggesting the hack was "oportunic and non-necessarily targeted attack."

The statement was jointly signed by the United Kingdom's National Cyber Security Center as well as the Military Counterintelligence Service and the Polish Computer Emergency Response Team.