Targeting of organizations using JetBrains software

Date of report

December 2023

Affiliations

The Dukes

The Dukes, a threat actor associated with the Russian SVR intelligence agency, were detected using a previously undetected vulnerability in TeamCity, a product used to test and exchange software code before releasing it, to gain access to organizations’ networks. The attacks appear to have been opportunistic, as the Dukes targeted any vulnerable network, rather than targeting a certain company or industry.

Suspected victims

Software companies, medical device manufacturers, marketing firms, web hosting companies, and information technology companies.

Suspected state sponsor

Russian Federation

Type of incident

Espionage

Target category

Private sector

Victim government reaction

Unknown

Policy response

Unknown

Suspected state sponsor response

Unknown

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
Russian foreign intelligence service spotted exploiting JetBrains vulnerability

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events