US authorities warn Russian hackers exploit weaknesses in Czech company's software
Russian hackers have been exploiting a vulnerability in a widely used piece of software made by the Czech company JetBrains, the US National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have said in a joint statement. The three organisations worked with Polish military intelligence and the UK's National Cyber Security Centre (NCSC) to assess the problem.
The report concerns a program called TeamCity, which is used by software developers all over the world. The US authorities warn that by exploiting this weakness in the software, malicious actors can gain access to the developer's source code and implant their own malicious code, which unsuspecting users then install on their computers as part of their regular updates. This then gives the hackers permanent access to the networks, systems and supply chain operations of the targeted organisations.
The company behind the software, JetBrains, told the Czech News Agency that it was aware of the vulnerability and had fixed it in a program update released in September. It added that, according to available statistics, fewer than two percent of users are running the unpatched software.
JetBrains was founded in Prague in 2000 by three Russian programmers, and over the next 20 years grew to over 1,000 employees. Big-name firms and organisations like Google, Samsung, Volkswagen and NASA have used its software in the past.