A group of hackers affiliated with the Russian government has exploited flaws in an email software, according to the National Security Agency.
Their recent advisory said the group, called “Sandworm team,” is a part of Russia’s military intelligence agency that exploited a vulnerability in Exim Mail Transfer Agent since last August.
More from a recent NBC report:
“The Russian actors … have used this exploit to add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker’s dream access – as long as that network is using an unpatched version of Exim MTA,” the advisory said.
The agency advised users to immediately update the software and warned that any outdated versions would likely remain vulnerable to attack.
“When the patch was released last year, Exim urged its users to update to the latest version. NSA adds its encouragement to immediately patch to mitigate against this still current threat,” it said.
The NSA’s Cybersecurity Directorate, which was restructured and newly launched last October, has been charged with disseminating more unclassified threat information more quickly, so that private sector entities can take steps to protect themselves from cyber attacks.
The directorate announced in January that a flaw in Windows 10 was disclosed to Microsoft and no harmful cyber activities were carried out.
The NSA has launched a new Twitter account, @NSACyber, where news of the Exim vulnerability was recently announced.
Additional resources to protect against cyber threats:
- U.S. Cybersecurity Officials Warn of Attacks on Hastily Deployed Office 365 Solutions
- The Worst Cyber Attacks of 2019: Biggest Breaches & Expensive Consequences
- The Biggest Targets of Cyber Attacks and How to Prepare For Them