The United States National Security Agency is warning that Russian military hackers are exploiting a critical flaw in the Exim mail server software, one that lets an attacker take over the server by sending it a single crafted email.
“Russian military cyber actors, publicly known as Sandworm Team, have been exploiting a vulnerability in Exim mail transfer agent (MTA) software since at least last August,” the National Security Agency (NSA) said May 28 in a cybersecurity advisory.
Dubbed “the Kremlin's most dangerous hackers” by Andy Greenberg, author and senior writer at Wired, the Sandworm Team operates as part of Russian military intelligence.
The notorious hacking group was behind the first confirmed cyberattack to black out a power grid, the December 2015 strike on Ukrainian electricity utilities that left around a quarter of a million Ukrainians without power, according to Wired.
The NSA said that the vulnerability, tracked as CVE-2019-10149, in the Exim mail transfer agent, widely used mail server software on Unix-like systems, lets a remote attacker execute arbitrary commands on the server, and because Exim typically runs as root, the attacker gets full control of the machine.
“The Russian actors, part of the General Staff Main Intelligence Directorate's (GRU) Main Center for Special Technologies (GTsST), have used this exploit to add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker's dream access,” the NSA said.
Successful attacks, however, depend on the target running an unpatched version of the Exim mail transfer agent: releases 4.87 through 4.91 are affected, and 4.92 and later contain the fix, although Linux distributions often backport the fix while keeping an older version number, so the package changelog, not the version string alone, is the authoritative check.
“When the patch was released last year, Exim urged its users to update to the latest version,” the NSA said, adding that it is now calling on users “to immediately patch to mitigate against this still current threat.”
Sandworm Team, Russian GRU Main Center for Special Technologies actors, continue to exploit Exim mail transfer agent #vulnerability, CVE-2019-10149.
— NSA Cyber (@NSACyber) May 28, 2020
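Two checks that follow from the above, added here as an example and not taken from the NSA advisory or the Exim project: a version triage against the affected range (Exim 4.87 through 4.91, fixed in 4.92), and a scan of the Exim main log for the exploit's signature, an Exim string expansion such as `${run{...}}` placed in the local part of a recipient address, which an unpatched server expands and executes during delivery. The sample log lines are constructed; the binary names (`exim4` on Debian and Ubuntu, `exim` elsewhere) and the log paths in the comments are common defaults, assumed rather than taken from the page.

```shell
#!/bin/sh
# Added example (not from the NSA advisory or the Exim project): two checks
# for CVE-2019-10149 an Exim administrator can run.
#   1. Version triage: Exim 4.87 through 4.91 are affected, 4.92 fixed it.
#   2. Log triage: the exploit places an Exim string expansion such as
#      ${run{...}} in the local part of an RCPT TO address, which an unpatched
#      server expands (and executes) during delivery. No legitimate recipient
#      address contains "${name{", so its presence in the mail log is a signal.

# exim_status VERSION -> prints vulnerable | fixed | unaffected
# Compares major.minor only; package suffixes such as 4.90_1 are ignored.
exim_status() {
    printf '%s\n' "$1" | awk -F. '
        { maj = $1 + 0; min = $2 + 0 }
        maj == 4 && min >= 87 && min <= 91 { print "vulnerable"; exit }
        maj > 4 || (maj == 4 && min >= 92)  { print "fixed";      exit }
        { print "unaffected" }'   # older than 4.87: not affected by this CVE
}

# installed_exim_status -> "<version> <status>" for the local binary, if any.
# Debian and Ubuntu name the binary exim4 (assumed); others use exim.
installed_exim_status() {
    bin=$(command -v exim4 2>/dev/null || command -v exim 2>/dev/null) \
        || { echo "exim not installed"; return 1; }
    # "exim -bV" prints a line such as "Exim version 4.92 #3 built ..."
    ver=$("$bin" -bV 2>/dev/null | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || { echo "could not read version from $bin -bV"; return 1; }
    echo "$ver $(exim_status "$ver")"
}

# flag_expansion_in_rcpt: reads Exim mainlog lines on stdin and prints those
# whose recipient ("for <address>" on "<=" lines) contains an expansion item.
flag_expansion_in_rcpt() {
    grep -E 'for [^ ]*\$\{[a-z]+\{'
}

# Constructed sample log (not a real capture): one normal message, one
# carrying a ${run{...}} expansion in the recipient local part, one delivery.
SAMPLE_LOG='2020-05-28 10:01:02 1jdX1-0001Ab-2Z <= alice@example.org H=(client) [192.0.2.10] P=esmtp S=512 for bob@example.net
2020-05-28 10:02:17 1jdX2-0001Ac-3Q <= attacker@example.com H=(x) [198.51.100.7] P=esmtp S=780 for ${run{/bin/sh -c "id"}}@localhost
2020-05-28 10:03:40 1jdX3-0001Ad-4R => bob <bob@example.net> R=local_user T=local_delivery'

# count_suspicious -> number of flagged lines in SAMPLE_LOG
count_suspicious() {
    printf '%s\n' "$SAMPLE_LOG" | flag_expansion_in_rcpt | wc -l | tr -d ' '
}

# Against a real host (paths assumed, typical Debian / Red Hat defaults):
#   installed_exim_status
#   flag_expansion_in_rcpt < /var/log/exim4/mainlog   # or /var/log/exim/main.log
printf 'version triage: 4.91 -> %s, 4.92 -> %s\n' "$(exim_status 4.91)" "$(exim_status 4.92)"
printf '%s\n' "$SAMPLE_LOG" | flag_expansion_in_rcpt
```

The log scan is a coarse heuristic: it matches only an unobfuscated `${name{` in the recipient field and says nothing about attempts that were rejected before logging, so a hit is a reason to investigate, not proof of compromise, and a clean log is no substitute for updating. Likewise the version triage reports "vulnerable" for a distribution package that backported the fix under an old version number; confirm against the package changelog before acting on it.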
Sandworm Team, which also goes by the names Voodoo Bear and Telebots, has spent years targeting Ukraine, which is effectively at war with Russia.