NSA warns that Russian hackers exploiting the Exim vulnerability (CVE-2019-10149) since at least last August. The APT hacker group linked with the attack is Sandworm Team.
Sandworm Team is known to be active since 2009, and the group mainly targets Ukrainian entities associated with energy, industrial control systems, SCADA, government, and media.
Exim is a popular mail transfer agent (MTA) that comes pre-installed with some Linux distributions such as Debian. Last June, Exim patched critical remote code execution vulnerability that affects versions between Exim 4.87 to 4.91. The vulnerability was fixed with Exim 4.92.
The vulnerability can be exploited by an unauthenticated remote attacker by sending a specially crafted email to execute commands with root privileges.
NSA observed that threat Russian APT hackers exploiting Exim vulnerability on public-facing MTA by sending a crafted mail in the “MAIL FROM” field of an SMTP (Simple Mail Transfer Protocol) message.
If the vulnerability was exploited successfully then attackers able to install programs, modify data, and create new accounts.
“When Sandwormexploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain.”
Following are the script that attackers can execute;
Using a previous version of Exim leaves the system vulnerable. System administrators are recommended to update with the latest version to mitigate the attacks.
Indicators of Compromise (IOC)
95.216.13(.)196
103.94.157(.)5
hostapp(.)be
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…
The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…
Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…
Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…
Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…
A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…
![](data:image/svg+xml;charset=utf-8,<svg height="400px" width="1000px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
%20(1).webp?w=1600&resize=1600,900&ssl=1)
%20(1).webp?w=1600&resize=1600,900&ssl=1)
View Comments
Majorly, cybersecurity can be categorized into three categories namely- network, application, and information. Our major focus will be on the above three mentioned categories. Others include- operational security, disaster recovery and business continuity, and end-user education. Let us look at the different kinds of cybersecurity.
Network Security-
Offices, schools, colleges, and various other institutions are interconnected with many smart technologies including computers. Network security provides these institutions security from the intruders and malicious attacks on their systems.
Application Security-
Multiple applications on your smart devices ask for your permission to access your data. Knowingly or unknowingly we use to give them access to many relevant data. Application security helps to restrict targeted attackers enabling software and devices free from any threat.
Information Security-
Information security enables protection to the integrity and privacy of data, whether stored in the cloud or the vault.
To know more, visit http://allicienttechnologies.com/