NSA warns of new Sandworm attacks on email servers

May 31, 2020
in Internet Security

Image: Pankaj Patel, NSA, ZDNet

The US National Security Agency (NSA) published today a security alert warning of a new wave of cyberattacks against email servers, conducted by one of Russia’s most advanced cyber-espionage units.

The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA).

Also known as “Sandworm,” this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability tracked as CVE-2019-10149, the NSA said in a security alert [PDF] shared today with ZDNet.

“When Sandworm exploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain,” the NSA says.

This shell script would:

  • Add privileged users
  • Disable network security settings
  • Update SSH configurations to enable additional remote access
  • Execute an additional script to enable follow-on exploitation
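A host triage script covering the actions just listed, as an added example that is not part of the NSA alert or the ZDNet article: it flags UID-0 accounts other than root, resolves the effective global sshd_config settings against a hardening baseline, and compares authorized_keys fingerprints with an allowlist. The /etc/passwd, sshd_config and authorized_keys content, the account name svcadm and the key blobs are all constructed for the example; the NSA PDF’s actual indicators are not reproduced here.

```python
"""Host triage for the post-exploitation actions listed above (added example,
not the NSA alert's own indicators; all inputs below are constructed)."""
import base64
import hashlib

# Constructed /etc/passwd: a second UID-0 account, "svcadm", was appended.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
Debian-exim:x:101:103::/var/spool/exim4:/usr/sbin/nologin
svcadm:x:0:0::/root:/bin/bash
"""

# Constructed sshd_config: PermitRootLogin was edited in place from "no";
# the Match block at the end is legitimate and is not a global setting.
SAMPLE_SSHD_CONFIG = """Port 22
PermitRootLogin yes
PasswordAuthentication no
Match User deploy
    PasswordAuthentication yes
"""

# Hardening baseline for the global section, plus OpenSSH's own defaults
# for keywords that are absent from the file.
SSHD_BASELINE = {"permitrootlogin": {"no", "prohibit-password"},
                 "passwordauthentication": {"no"}}
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password",
                 "passwordauthentication": "yes"}

# Constructed authorized_keys: base64 of placeholder bytes, not real keys.
KNOWN_BLOB = base64.b64encode(b"constructed admin key material").decode()
UNKNOWN_BLOB = base64.b64encode(b"constructed key dropped later").decode()
SAMPLE_AUTHORIZED_KEYS = (
    f"ssh-ed25519 {KNOWN_BLOB} admin@bastion\n"
    f'command="/bin/true" ssh-rsa {UNKNOWN_BLOB} backup\n'
)


def find_uid0_accounts(passwd_text):
    """Account names with UID 0 other than root."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0" and fields[0] != "root":
            found.append(fields[0])
    return found


def global_sshd_settings(config_text):
    """Resolve the global section as sshd does: the FIRST value for a keyword
    wins, and everything from the first Match line onward is not global."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def sshd_findings(config_text, baseline=SSHD_BASELINE):
    """(keyword, effective_value) pairs that violate the baseline."""
    settings = global_sshd_settings(config_text)
    bad = []
    for key, allowed in baseline.items():
        value = settings.get(key, SSHD_DEFAULTS.get(key, "")).lower()
        if value not in allowed:
            bad.append((key, value))
    return bad


def ssh_fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def unexpected_keys(authorized_keys_text, allowed_fingerprints):
    """(fingerprint, comment) for keys not on the allowlist; the key type is
    located explicitly so a leading options field does not shift the blob."""
    out = []
    for raw in authorized_keys_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        idx = next((i for i, p in enumerate(parts)
                    if p.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(parts):
            continue
        fp = ssh_fingerprint(parts[idx + 1])
        if fp not in allowed_fingerprints:
            out.append((fp, " ".join(parts[idx + 2:])))
    return out


def run_triage(passwd=SAMPLE_PASSWD, sshd_config=SAMPLE_SSHD_CONFIG,
               authorized_keys=SAMPLE_AUTHORIZED_KEYS,
               allowed_fingerprints=frozenset({ssh_fingerprint(KNOWN_BLOB)})):
    """All three checks in one dict; an empty list means the check is clean."""
    return {"extra_uid0": find_uid0_accounts(passwd),
            "sshd": sshd_findings(sshd_config),
            "unknown_keys": unexpected_keys(authorized_keys, allowed_fingerprints)}
```

Two details matter when running this against a real host. sshd takes the first value it sees for a keyword, so an attacker who merely appends “PermitRootLogin yes” below an existing “PermitRootLogin no” changes nothing for sshd, while an in-place edit or a new line above the original does; the resolver above mirrors that rule, and a conflicting duplicate is itself worth flagging as tampering. “Disable network security settings” has no portable check: compare the live iptables/nftables ruleset and the SELinux or AppArmor state against what your configuration management expects.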

The NSA is now urging private and government organizations to update their Exim servers to version 4.93 or later and to look for signs of compromise. Indicators of compromise are available in the NSA’s PDF, linked above. Upstream Exim 4.87 through 4.91 contain the bug and 4.92 already includes the fix; distributions such as Debian backport the fix without changing the upstream version string, so check your vendor’s advisory rather than the version number alone.
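Two of the checks implied by that advice, as an added example that is not from the NSA alert: a parser for the `exim -bV` banner that tests the upstream version against the affected range, and a scan of Exim mainlog lines for string-expansion syntax in envelope addresses. The publicly documented exploit for CVE-2019-10149 delivers an Exim `${run{...}}` expansion item inside an SMTP envelope address, which a legitimate address never contains, so any such line is worth triaging. The banner, log lines, message IDs and IP addresses are constructed for the example.

```python
"""Version-range check and mainlog scan for the Exim advice above (added
example, not from the NSA alert; banner and log lines are constructed)."""
import re

# Upstream Exim 4.87 through 4.91 are affected; 4.92 contains the fix and the
# NSA alert asks for 4.93 (the current release at the time) or later.
FIRST_AFFECTED = (4, 87)
FIRST_FIXED = (4, 92)

# Constructed 'exim -bV' banner for a vulnerable build.
SAMPLE_BANNER = ("Exim version 4.91 #1 built 23-Jul-2018 10:13:41\n"
                 "Copyright (c) University of Cambridge, 1995 - 2018\n")

# Constructed mainlog excerpt: two normal deliveries and one message whose
# envelope recipient carries a ${run{...}} expansion item (benign command).
SAMPLE_LOG = """2020-05-30 03:12:41 1jeqXY-0003Zz-Pq <= news@mail.example.test H=(mail.example.test) [198.51.100.7] P=esmtp S=2048 for alice@example.test
2020-05-30 03:12:41 1jeqXY-0003Zz-Pq => alice <alice@example.test> R=local_user T=maildir_home
2020-05-30 03:12:44 1jeqXb-0003a1-Qr <= probe@example.invalid H=(x) [203.0.113.45] P=esmtp S=512 for ${run{/usr/bin/id}}@localhost
2020-05-30 03:12:50 1jeqXc-0003a4-Rs <= bob@example.test H=(laptop) [198.51.100.9] P=esmtpsa S=900 for carol@example.test
"""

VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)")
# "${operator{" opens any Exim expansion item, e.g. ${run{ or ${readfile{
EXPANSION_RE = re.compile(r"\$\{(\w+)\{")
PEER_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_exim_version(banner):
    """(major, minor) from 'exim -bV' output, or None if not found."""
    m = VERSION_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_affected(version):
    """True for an upstream version inside the vulnerable range."""
    return version is not None and FIRST_AFFECTED <= version < FIRST_FIXED


def find_expansion_attempts(log_text):
    """(line_no, operator, peer_ip) for every log line carrying expansion
    syntax; any hit is worth triaging regardless of the operator used."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = EXPANSION_RE.search(line)
        if m:
            ip = PEER_IP_RE.search(line)
            hits.append((n, m.group(1), ip.group(1) if ip else None))
    return hits


def assess(banner=SAMPLE_BANNER, log_text=SAMPLE_LOG):
    """Combine both checks into one verdict dict."""
    version = parse_exim_version(banner)
    attempts = find_expansion_attempts(log_text)
    return {
        "version": version,
        "version_affected": is_affected(version),
        "expansion_attempts": attempts,
        # A vulnerable build that has already seen expansion syntax in its
        # envelope addresses is treated as compromised until proven otherwise.
        "assume_compromised": is_affected(version) and bool(attempts),
    }
```

The version check is only a first pass: Debian, Ubuntu and Red Hat backport fixes without bumping the upstream version string, so a distribution 4.89 package can be patched while a self-built 4.91 is not; confirm against your vendor’s advisory. The log scan catches only what Exim wrote to disk, and a successful exploit’s follow-on script runs as root and can edit the logs, which is why host-level checks for the post-exploitation actions the alert lists remain necessary.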

Sandworm had 9 months to carry out attacks

The Sandworm group has been active since the mid-2000s and is believed to be the group behind the BlackEnergy malware used in the December 2015 Ukraine blackout, the Industroyer malware behind the December 2016 one, and the infamous NotPetya wiper, disguised as ransomware, that caused billions of US dollars in damage to companies all over the world. It is currently considered one of the two most advanced Russian state-sponsored hacking groups, together with Turla.

The CVE-2019-10149 vulnerability was disclosed in June 2019, and was codenamed “Return of the WIZard.”

Hacking groups began abusing it within a week of disclosure. Two weeks later, Microsoft issued an alert warning Azure customers that a threat actor had built a self-spreading Exim worm that exploited the vulnerability to take over servers running on Azure infrastructure.

Nearly half of the internet’s email servers run Exim. According to stats from May 1, 2020, only about half of all Exim servers had been updated to version 4.93 or later, leaving a large number of Exim instances exposed to attack.

“Many orgs fixate on the new and shiny, like cloud and mobile. However, they forget that really old services like SMTP run a big chunk of their personal and business lives, and by definition those services are Internet-exposed,” Richard Bejtlich, Principal Security Strategist at cyber-security firm Corelight, told ZDNet.

“They make perfect targets for adversaries as they face the Internet, they handle the most sensitive data, and people treat them like appliances, meaning they are often forgotten so long as they continue working, and are not monitored.”

Naming-and-shaming continues

But today’s NSA security advisory also has two other purposes besides just urging Exim administrators to patch their servers.

It’s also meant to burn a lot of Sandworm offensive infrastructure. Following today’s alert, Sandworm operators are most likely to lose access to many of the servers they’ve been hacking for the past nine months, as server administrators deploy patches and remove Sandworm backdoors.

Second, the advisory once again draws the world’s attention to Russia’s cyber-espionage operations. Many of these Russian operations have crossed the line of what is acceptable in modern-day cyber-intelligence gathering by causing havoc in the real world (e.g. NotPetya, BadRabbit, BlackEnergy, the Georgia DDoS attacks, the DNC hack).

The US and fellow Five Eyes countries have made naming and shaming Russian cyber-attacks a matter of policy, since at least late 2018, and they have continued ever since, expanding the policy to Chinese, Iranian, and North Korean operations as well.


Credit: ZDNet
