The JetBrains TeamCity software supply chain attack: Lessons learned
ID: 7931a6a9-fdb1-5d00-b416-3f377eaa0088
STIX ID: report--7931a6a9-fdb1-5d00-b416-3f377eaa0088
Feed Name: ReversingLabs Blog
Date Published: 2023-12-21
Date Updated: 2026-04-29
Author: John P. Mello Jr.
**Executive summary:** SVR-linked actors associated with the SunBurst campaign are actively exploiting a known TeamCity vulnerability (CVE-2023-42793) to compromise CI/CD servers and deploy the GraphicalProton backdoor. They use tools such as Mimikatz, along with DLL hijacking (via Zabbix), to escalate privileges and persist, creating significant software supply-chain risk. CISA has alerted organizations, but patch uptake remains low, so teams should prioritize patching, binary analysis of builds, and stronger AppSec practices.
