NSA Warns of Russian Military Hacker Attacks Exploiting Software Flaw

The United States cybersecurity agency is warning about Russian military hackers exploiting a critical software flaw that makes it possible to weaponize email.

“Russian military cyber actors, publicly known as Sandworm Team, have been exploiting a vulnerability in Exim mail transfer agent (MTA) software since at least last August,” the National Security Agency (NSA) said May 28 in a cybersecurity advisory.

Dubbed “the Kremlin's most dangerous hackers” by author and Wired senior writer Andy Greenberg, the Sandworm Team operates as part of Russian military intelligence.

The notorious hacking group is the first cyberattack squad to successfully carry out a strike on critical infrastructure—an electrical grid in Ukraine—leaving around a quarter of a million Ukrainians without power, according to Wired.

Smoke from a power station rises in the sky over the city of Kyiv, Ukraine, in January 2006. (Sergei Supinsky/AFP/Getty Images)

The NSA said that the vulnerability in the Exim mail transfer agent, a widely used piece of software for Unix-based systems, lets hackers remotely execute any commands or code they like.

“The Russian actors, part of the General Staff Main Intelligence Directorate's (GRU) Main Center for Special Technologies (GTsST), have used this exploit to add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker's dream access,” the NSA said.

Successful attacks, however, depend on networks using an unpatched version of the Exim mail transfer agent.

“When the patch was released last year, Exim urged its users to update to the latest version,” the NSA said, adding that it is now calling on users “to immediately patch to mitigate against this still current threat.”

Sandworm Team, Russian GRU Main Center for Special Technologies actors, continue to exploit Exim mail transfer agent #vulnerability, CVE-2019-10149.

Patch to the latest version to protect your networks. Learn more here: https://t.co/6HU3mSPam9 pic.twitter.com/Btuq3KBmhM

— NSA Cyber (@NSACyber) May 28, 2020

Sandworm Team, which also goes by the names Voodoo Bear and Telebots, has spent years targeting Ukraine, which is effectively at war with R