
Cyber Warfare, NSA: Sandworm is exploiting a flaw in Exim MTA

According to NSA cyber security experts, Russian military cyber actors, known as Sandworm, have been exploiting a vulnerability in the Exim mail transfer agent (MTA) to add privileged users, disable network security settings, and execute additional scripts for further network exploitation.

A new cyber warfare chapter has opened between the United States and Russia: Russian military cyber actors, known as the Sandworm Team, have been exploiting a vulnerability in the Exim mail transfer agent (MTA) software since at least last August, according to a disclosure by the US National Security Agency (NSA). Exim is a widely used MTA for Unix-based systems and comes pre-installed in some Linux distributions. The vulnerability being exploited, CVE-2019-10149, allows a remote attacker to execute commands and code of their choosing. The Russian actors, part of the General Staff Main Intelligence Directorate’s (GRU) Main Center for Special Technologies (GTsST), have used this exploit to add privileged users, disable network security settings, and execute additional scripts for further network exploitation. They did so by sending a command in the “MAIL FROM” field of an SMTP (Simple Mail Transfer Protocol) message.
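As an added illustration (not part of the original article or of the NSA advisory), the following Python detector turns the last point into a check a mail administrator can run over SMTP transcripts or Exim logs: a legitimate envelope sender never contains Exim's `${...}` string-expansion syntax, so its presence in a MAIL FROM command is a strong indicator of an exploitation attempt against CVE-2019-10149. The sample lines and the simplified Exim main-log layout are constructed for the example.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Exim string-expansion items begin with "${" (the "run" item executes a
# command). A genuine envelope sender address never contains this syntax,
# so any expansion item inside MAIL FROM is anomalous and worth alerting on.
EXPANSION_RE = re.compile(r"\$\{\s*(\w+)")


class Finding(NamedTuple):
    line_no: int
    sender: str
    expansion_item: str  # name of the expansion item found, e.g. "run"


def extract_sender(line: str) -> Optional[str]:
    """Return the envelope sender from an SMTP 'MAIL FROM:<...>' command or
    from a simplified Exim main-log arrival line ('... <= sender H=...').
    Returns None for lines that carry neither."""
    m = re.search(r"MAIL FROM:\s*<([^>]*)>", line, re.IGNORECASE)
    if m is None:
        m = re.search(r"\s<=\s(\S+)", line)
    return m.group(1) if m else None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Flag every line whose envelope sender contains expansion syntax."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        sender = extract_sender(line)
        if sender is None:
            continue
        hit = EXPANSION_RE.search(sender)
        if hit:
            findings.append(Finding(line_no, sender, hit.group(1)))
    return findings


# Constructed sample data: two benign lines and two suspicious ones.
SAMPLE_LOG = """\
2020-05-28 09:12:01 1jdXyz-0001A2-Qs <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtps S=2048
MAIL FROM:<bob@example.net>
MAIL FROM:<${run{/usr/bin/id}}@localhost>
2020-05-28 09:13:44 1jdXyz-0001A3-Rt <= ${run{/usr/bin/id}}@localhost H=(badhost) [198.51.100.7] P=esmtp S=512
""".splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: expansion item '{f.expansion_item}' in sender {f.sender!r}")
```

Feed the function real Exim main-log lines or captured SMTP sessions; any hit should be treated as an exploitation attempt and the host checked for the post-exploitation actions the advisory describes (new privileged users, altered network security settings, dropped scripts).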
