‘The US National Security Agency (NSA) has published a security alert warning of a new wave of cyberattacks against email servers, attacks conducted by one of Russia’s most advanced cyber-espionage units.
The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA).
Also known as “Sandworm,” this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability tracked as CVE-2019-10149.
When Sandworm exploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain. This shell script would:
⚠️Add privileged users
⚠️Disable network security settings
⚠️Update SSH configurations to enable additional remote access
⚠️Execute an additional script to enable follow-on exploitation
The NSA is now warning private and government organizations to update their Exim servers to version 4.93 and look for signs of compromise.
The Sandworm group has been active since the mid-2000s and is believed to be the hacker group who developed the BlackEnergy malware that caused a blackout in Ukraine in December 2015 and December 2016, and the group who developed the infamous NotPetya ransomware that caused damages of billions of US dollars to companies all over the world.
It is currently considered one of the two most advanced Russian state-sponsored hacking groups, together with Turla.
With the rise of many technological trends, all industries are reaping the benefits. Different technologies…
Online gaming is the latest normal in today’s fast-paced digital world. The internet now offers…
Tax season: the time of year many individuals and businesses dread. The weight of ensuring…
As we enter in the final months of 2023, we can talk more clearly about…
Selokhu yakhululwa ngo 2011, Minecraft has become one of the most played video games…
I-Minecraft isisebenze isikhathi esingaphezu kweminyaka eyishumi, and in that time it has…
This website uses cookies.