“A new wave of Sandworm attacks is deeply concerning.”
The US’s National Security Agency (NSA) says Russian military intelligence is widely abusing a critical 2019 vulnerability in the Exim mail transfer software.
The NSA said the GRU’s Main Centre for Special Technologies (GTsST) is using the bug to “add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker’s dream access.”
The hackers are popularly known as “Sandworm”.
Exim is a mail transfer agent (MTA) used widely in Unix-based systems and comes pre-installed in several Linux deployments. A critical vulnerability (CVE-2019-10149) exists in all versions of Exim’s MTA from version 4.87 to 4.91; it was first reported by Qualys.
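A quick way to triage a mail-server inventory against the version range above (an added example, not from the article or the NSA advisory; the hostnames and banner lines are constructed). It reads the version from either `exim -bV` output or an SMTP greeting banner. An in-range result on a distribution package should be checked against the vendor changelog, since backported fixes can leave the upstream version number unchanged.

```python
import re

# Affected upstream range as stated in the article: Exim 4.87 through 4.91.
AFFECTED_MIN = (4, 87)
AFFECTED_MAX = (4, 91)

# Matches "Exim version 4.91 #3 built ..." (exim -bV output) and
# "220 host ESMTP Exim 4.90_1 Ubuntu ..." (SMTP greeting banner).
_VERSION_RE = re.compile(
    r"\bExim(?:\s+version)?\s+(\d+)\.(\d+)(?:[._]\d+)*", re.IGNORECASE
)


def parse_exim_version(text):
    """Return (major, minor) from a banner or `exim -bV` line, or None."""
    m = _VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(text):
    """Classify one inventory line against the CVE-2019-10149 range."""
    version = parse_exim_version(text)
    if version is None:
        return "unknown"  # not Exim, or the banner hides the version
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "in-affected-range"
    return "outside-range"


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE_INVENTORY = {
    "mx1.example.org": "Exim version 4.91 #3 built 12-Mar-2019 10:02:11",
    "mx2.example.org": "220 mx2.example.org ESMTP Exim 4.90_1 Ubuntu Tue, 02 Jun 2020 09:00:00 +0000",
    "mx3.example.org": "220 mx3.example.org ESMTP Exim 4.92.3 Tue, 02 Jun 2020 09:00:01 +0000",
    "mx4.example.org": "Exim version 4.86 #2 built 01-Feb-2016 08:00:00",
    "mx5.example.org": "220 mx5.example.org ESMTP Postfix",
}


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(line) for host, line in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```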
While this has been patched upstream since June 2019, the perennial problem of poor cyber hygiene and irregular patching means many are still exposed. (Test