Abuse.ch cybersecurity experts: corporate web proxy operators should block outgoing network traffic towards api.telegram.org. Until now, the malware relied on FTP or SMTP.
The NSA cyber security experts: Russian military cyber actors, known as Sandworm, have been exploiting a vulnerability in the Exim mail transfer agent (MTA) to add privileged users, disable network security settings, and execute additional scripts for further network exploitation.
New cyber warfare chapter between the United States and Russia: Moscow's military cyber actors, known as the Sandworm Team, have been exploiting a vulnerability in Exim mail transfer agent (MTA) software since at least last August. This was disclosed by the US National Security Agency (NSA) cyber security experts. Exim is a widely used MTA for Unix-based systems and comes pre-installed in some Linux distributions. The vulnerability being exploited, CVE-2019-10149, allows a remote attacker to execute commands and code of their choosing. The Russian actors, part of the General Staff Main Intelligence Directorate’s (GRU) Main Center for Special Technologies (GTsST), have used this exploit to add privileged users, disable network security settings, and execute additional scripts for further network exploitation. They did so by sending a command in the “MAIL FROM” field of an SMTP (Simple Mail Transfer Protocol) message.