teamcity-exploitation (Campaign)

[email protected] (Wiz Threat Research) 2024-03-19T00:00:00+00:00 View Original

Full Report

On 2024-03-19, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using LOLBin abuse, targeting TeamCity to achieve Resource hijacking, RansomOp. The following tools were observed: Jasmin, XMRig, Cobalt Strike, SparkRAT.

Analysis Summary