Wednesday, May 8, 2024

Email Servers Hacked by Russian Military : NSA

The US National Security Agency (NSA) has released a new warning that Russian state cyber attackers have been exploiting a vulnerability in the Exim email server for the last nine months.

Exim is mail transfer agent (MTA) software developed by the University of Cambridge and used mainly on Unix operating systems. It ships with many popular Linux distributions, such as Red Hat and Debian, and is thought to run on millions of email servers globally.

The NSA warned that organizations that have not applied the patch for CVE-2019-10149, which was fixed in June 2019, may be at risk from the well-known Sandworm group.

The attackers exploit victims running Exim on their public-facing MTAs by sending a command in the MAIL FROM field of an SMTP (Simple Mail Transfer Protocol) message.

An unauthenticated remote attacker can send a specially crafted email to execute commands with root privileges, which allows the attackers to install malicious programs, modify data, and create new accounts.

Once the Sandworm group has exploited CVE-2019-10149 on a target machine, they download and execute a shell script from domains under Sandworm control.

When the attackers run this script, it can make changes such as:

  • Update SSH Configuration
  • Add privileged users
  • Disable the Network security setting

All of the above is done to enable additional remote access, so that further shell scripts can be executed and follow-on exploitation can continue.


The NSA called on organizations to upgrade Exim to version 4.93 or newer. The NSA also advised using network-based security devices to detect and block attempts to exploit CVE-2019-10149.
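As an added illustration (not code from the article or from the NSA advisory), the following Python checks cover two defender-side points from the text: whether a host's Exim is older than the 4.93 version the NSA recommends, and whether an unexpected UID 0 account has appeared, which is the kind of privileged user the post-exploitation script is said to add. It assumes the `Exim version 4.92 #3 built ...` banner format printed by `exim -bV`; the sample banner and passwd lines are constructed.

```python
import re

# Version the NSA guidance above tells organizations to move to.
# Assumption: anything older is treated as needing an upgrade.
FIXED_VERSION = (4, 93)


def parse_exim_version(banner: str):
    """Extract (major, minor) from 'exim -bV' style output such as
    'Exim version 4.92 #3 built 25-Jun-2019'. Returns None if absent."""
    m = re.search(r"Exim version (\d+)\.(\d+)", banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def exim_needs_upgrade(banner: str) -> bool:
    """True when the reported version is older than 4.93. Tuples compare
    numerically, so 4.100 correctly ranks above 4.93 (string comparison would not)."""
    version = parse_exim_version(banner)
    if version is None:
        raise ValueError("could not find an Exim version in banner")
    return version < FIXED_VERSION


def privileged_accounts(passwd_text: str, expected=("root",)):
    """Return login names with UID 0 that are not in the expected set.
    An unexpected UID 0 account is one indicator worth reviewing after the
    post-exploitation activity described in the article."""
    unexpected = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        name, uid = fields[0], fields[2]
        if uid == "0" and name not in expected:
            unexpected.append(name)
    return unexpected


# Constructed sample inputs (not real hosts or captured data).
SAMPLE_BANNER = "Exim version 4.92 #3 built 25-Jun-2019 02:32:00\n"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "svc_backup:x:0:0::/tmp:/bin/sh\n"
)

if __name__ == "__main__":
    print("upgrade needed:", exim_needs_upgrade(SAMPLE_BANNER))
    print("unexpected UID 0 accounts:", privileged_accounts(SAMPLE_PASSWD))
```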

Sandworm is known as one of the most sophisticated state hacking outfits. It is also believed to be linked to the BlackEnergy malware used in attacks on Ukrainian power stations in 2015 and 2016, which caused major outages during winter. In 2019 its campaigns were directed especially against NATO members and European governments.


Bipin Choudhary, https://vednam.com
Bipin has been a passionate blogger for several years. He is a Cyber Security Enthusiast, Security Blogger, Technical Writer. He is always eager to know everything about the latest technology development and advancement. Author @ Vednam
