TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

Multiple threat actors are actively exploiting the critical JetBrains TeamCity vulnerability (CVE-2024-27198, CVSS 9.8) to bypass authentication and gain administrative access, enabling deployment of ransomware (including Jasmin and BianLian activity), XMRig cryptocurrency miners, Cobalt Strike beacons, and the Spark RAT; organizations using TeamCity are advised to patch immediately. The report also highlights broader ransomware trends, affiliate/RaaS behavior, and defense-evasion TTPs such as BYOVD and living-off-the-land techniques.