
The NSA warns: the Russians have fallen for us!

28/05/2020 19:49 by giorgos

The US National Security Agency (NSA) today issued a warning about a new wave of cyber attacks against e-mail servers. The attacks were carried out by one of Russia's most advanced spy units.

The NSA says members of Unit 74455 of the GRU Main Center for Special Technologies, part of Russia's military intelligence service, have attacked email servers running the Exim mail transfer agent (MTA).


The team, also known as "Sandworm", has been attacking Exim servers since August 2019 by exploiting a critical vulnerability (CVE-2019-10149), the NSA said in a security alert [PDF] published today.

"When Sandworm exploits CVE-2019-10149, the victim's system downloads and runs a shell script from a Sandworm-controlled domain," the NSA said.

This shell script will:

  • Add privileged users
  • Disable network security settings
  • Update SSH settings to allow remote access
  • Run an additional script to allow further exploits

The NSA now urges private and government organizations to update Exim servers to version 4.93 and to look for signs of a breach. The signs of compromise are listed in the PDF issued by the NSA.
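A first-pass triage for the script actions and the fix described above, as an added example that is not taken from the article or the NSA advisory: it checks an Exim version against 4.93, lists extra UID 0 accounts and flags sshd_config directives that open remote access. The function names and the two sshd directives are assumptions of this example, and the sample files are constructed; the advisory's own indicators are in the PDF.

```shell
#!/bin/sh
# Added example (not from the NSA advisory): host triage based on the article.

# Succeeds when the version is 4.93 or later, the release the article names.
# On a live host: exim -bV | awk 'NR==1 {print $3}'
exim_is_patched() {
    printf '%s\n' "$1" | awk -F'[._-]' '
        $1 !~ /^[0-9]+$/ { exit 2 }   # not a version string
        { exit !($1 + 0 > 4 || ($1 + 0 == 4 && $2 + 0 >= 93)) }'
}

# Lists UID 0 accounts other than root ("add privileged users").
extra_uid0_accounts() {
    awk -F: 'NF >= 7 && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Lists sshd_config directives that open up remote access. The article does
# not say which settings the script changes; these two are assumed examples.
sshd_risky_settings() {
    awk '{ k = tolower($1); v = tolower($2) }
         (k == "permitrootlogin" || k == "permitemptypasswords") && v == "yes" {
             print $1, $2 }' "$1"
}

# Prints one finding per line; returns 1 if there is anything to review.
audit_exim_host() {   # args: exim-version passwd-file sshd_config-file
    findings=$(
        exim_is_patched "$1" || echo "exim $1 is not 4.93 or later"
        extra_uid0_accounts "$2" | sed 's/^/extra UID 0 account: /'
        sshd_risky_settings "$3" | sed 's/^/sshd setting: /'
    )
    [ -z "$findings" ] || { printf '%s\n' "$findings"; return 1; }
}

# Constructed sample files, so the example runs without touching the host.
tmp=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
    'mail:x:8:8:mail:/var/mail:/usr/sbin/nologin' \
    'svc:x:0:0::/home/svc:/bin/sh' > "$tmp/passwd"
printf '%s\n' '#PermitRootLogin prohibit-password' \
    'PermitRootLogin yes' 'PasswordAuthentication no' > "$tmp/sshd_config"
audit_exim_host 4.92.3 "$tmp/passwd" "$tmp/sshd_config" || echo "review needed"
rm -rf "$tmp"
```

A clean result from these checks does not clear a host; it only means none of these three conditions is present.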

The Sandworm team has been active since the mid-2000s and is believed to be the hacker team that developed the BlackEnergy malware that caused a blackout in Ukraine in December 2015. In December 2016, the team also developed the well-known NotPetya ransomware, which caused billions of dollars in losses to companies around the world.

Vulnerability CVE-2019-10149 was disclosed in June 2019 and has the code name "Return of the WIZard".

Within a week of its disclosure, various hacking groups began exploiting it. Two weeks later, Microsoft also issued a warning to Azure customers.

Almost half of all Internet email servers run on Exim. According to statistics as of May 1, 2020, only half of these Exim servers have been updated to version 4.93 or later, leaving a large number of systems vulnerable to attack.
