Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
ID: 9487cd19-8462-5e76-ace9-651c272e2d27
STIX ID: report--9487cd19-8462-5e76-ace9-651c272e2d27
Feed Name: CISA Cybersecurity Advisories
### Executive summary

A joint advisory from multiple national CERTs and agencies attributes an active campaign to the Russian SVR (APT29), which has been exploiting CVE-2023-42793 in unpatched JetBrains TeamCity servers since September 2023. The actor uses the vulnerability to gain high-privilege code execution, deploys GraphicalProton backdoors (HTTP, OneDrive and Dropbox variants), bypasses EDR/AV using EDRSandBlast and vulnerable drivers, exfiltrates sensitive files and registry hives, and establishes persistent access. The report includes IOCs, detection rules (Sigma/YARA), MITRE ATT&CK mappings, and mitigation recommendations such as patching TeamCity, assuming compromise if a server was left unpatched, and initiating threat hunting.
