NSA Warns of New Sandworm Attacks on Email Servers

The US National Security Agency (NSA) has published a security alert warning of a new wave of cyberattacks against email servers, attacks conducted by one of Russia's most advanced cyber-espionage units. From a report: The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA). Also known as "Sandworm," this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability tracked as CVE-2019-10149, the NSA said in a security alert shared today with ZDNet. "When Sandworm exploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain," the NSA says.