1 min read

Russian "Sandworm" Hackers Attacking Exim Email Servers, Says NSA

Liviu ARSENE

May 29, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Russian "Sandworm" Hackers Attacking Exim Email Servers, Says NSA

An advanced Russian government cyber-espionage unit has been exploiting a known Exim email server vulnerability since August 2019, according to an NSA security alert.

The NSA said the Russian hackers are part of the GRU Main Center for Special Technologies (GTsST), field post number 74455, and it believes the group has been leveraging the unpatched critical vulnerability (CVE-2019-10149) in Exim servers to gain remote control over affected machines and potentially conduct espionage operations.

While the patch for addressing the vulnerability introduced in Exim version 4.87 has been available since June 5, 2019, many systems likely remain unpatched. By exploiting it, attackers gain the ability to add privileged users, alter network security settings, modify SSH configuration for remote access, and even deploy additional exploitation tools.

“When CVE-2019-10149 is successfully exploited, an actor is able to execute code of their choosing,” reads the NSA security alert. “When Sandworm exploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain.”

The group, known as “Sandworm,” is believed to have also developed the BlackEnergy malware responsible for Ukraine”s power outage in 2015 and 2016, and the NotPetya ransomware that targeted Ukraine in June 2017.

While it is unclear what damages the attacks could have inflicted or what public or private organizations might have been targeted, it is not the first time the NSA hasn”t shied away from pointing the finger at Russian, Chinese, Iranian, and North Korean operations.

The advisory also urges IT security and administrators to patch their systems, deploy defense-in-depth strategies and use network-based security appliances capable of detecting and blocking exploits.

“Update Exim immediately by installing version 4.93 or newer to mitigate this and other vulnerabilities. Other vulnerabilities exist and are likely to be exploited, so the latest fully patched version should be used,” warns the NSA security alert.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read
Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find
Silviu STAHIE

November 29, 2022

1 min read
Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read