Given this, Microsoft assesses that this activity poses a particularly high risk to organizations who are affected.
In past operations, Diamond Sleet and other North Korean threat actors have successfully carried out software supply chain attacks by infiltrating build environments. TeamCity is a continuous integration/continuous deployment (CI/CD) application used by organizations for DevOps and other software development activities.
Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. Microsoft Defender Vulnerability ManagementĪttacker techniques, tools, and infrastructure Microsoft Purview Data Lifecycle Management.Microsoft Purview Information Protection.Information protection Information protection.Microsoft Priva Subject Rights Requests.Microsoft Purview Communication Compliance.Microsoft Purview Insider Risk Management.Risk management & privacy Risk management & privacy.Microsoft Intune Endpoint Privilege Management.Endpoint security & management Endpoint security & management.Microsoft Defender External Attack Surface Management.Microsoft Defender Cloud Security Posture Mgmt.Microsoft Defender Vulnerability Management.Microsoft Entra ID (Azure Active Directory).
