A notorious hacking team backed by the Russian government has been exploiting a serious flaw in commonly used email software, the National Security Agency (NSA) warned Thursday, issuing a rare advisory that publicly attributed attempts to utilize the software flaw to a nation-state actor.

The NSA’s Cybersecurity Directorate said a group of cyber actors known as “Sandworm team” from the GRU, Russia’s military intelligence agency, had identified and exploited a vulnerability in the popular email software Exim Mail Transfer Agent (MTA) since at least August 2019.

“The Russian actors … have used this exploit to add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker’s dream access – as long as that network is using an unpatched version of Exim MTA,” the advisory said.

The agency advised users to immediately update the software and warned that any outdated versions would likely remain vulnerable to attack.

“When the patch was released last year, Exim urged its users to update to the latest version. NSA adds its encouragement to immediately patch to mitigate against this still current threat,” it said.

Sandworm is known to have operated for at least a decade and has been linked to large-scale cyberattacks on government, energy and telecommunications sectors in Ukraine and Poland, as well as on NATO and the European Union. The group was determined to be behind the devastating 2017 NotPetya attacks, which caused billions of dollars of damage across Europe, the United States and Asia. In February, the State Department publicly blamed Sandworm for a widespread cyberattack on government and private websites in the country of Georgia.

“This is a dangerous vulnerability that can provide an entryway for one of the most threatening cyber actors into the inner sanctum of corporate and government networks,” said Dmitri Alperovitch, founder and former chief technology officer of cybersecurity firm CrowdStrike and chairman of Silverado Policy Accelerator.

“It is an important sign that NSA is now providing this highly relevant context about which adversary is exploiting this vulnerability that is highly helpful for defenders to prioritize defense and other mitigation efforts,” Alperovitch said.

The NSA’s Cybersecurity Directorate, which was restructured and newly launched last October, has been charged with disseminating more unclassified threat information more quickly, so that private sector entities can take steps to protect themselves from cyberattacks.

In January, the directorate announced a critical flaw in Microsoft’s Windows 10 operating system. It notably disclosed the vulnerability to the company instead of using it to carry out cyber activities of its own, as had been its practice in the past.

The NSA on Wednesday launched a new Twitter account, @NSACyber, where news of the Exim vulnerability was also announced.
