NSA Connects Russian Cyber Group to Exim Hacks

The National Security Agency (NSA) has identified that Russian military cyber actors, part of the General Staff Main Intelligence Directorate’s (GRU) Main Center for Special Technologies (GTsST), have exploited a vulnerability in the Exim mail transfer agent (MTA) software since at least August 2019.

Exim is MTA software for Unix-based systems that comes pre-installed on some Linux distributions. The cyber actors, publicly known as Sandworm Team, exploited a vulnerability in the software that “allows a remote attacker to execute commands and code of their choosing.” This allowed the GRU cyber actors to add privileged users, disable network security settings, and execute additional scripts for further exploitation, NSA said.

“When [a] patch was released last year, Exim urged its users to update to the latest version. NSA adds its encouragement to immediately patch to mitigate against this still current threat,” NSA said.

Jordan Smith
Jordan Smith is a MeriTalk Staff Reporter covering the intersection of government and technology.
