Russian Hacking Operation Underway

A Russian hacking collective known as the "Sandworm Team" (part of the GRU, the Main Directorate of the General Staff of the Armed Forces of the Russian Federation) has been using a special intrusion technique to gain "dream access" by adding privileged users, disabling network security settings, updating SSH configurations to enable remote access, and executing code that exploits various network vulnerabilities.

This is the same organization that targeted the 2016 United States presidential election to steal emails from the Democratic National Convention and break into voter registration databases.

The target is the Exim mail transfer agent, used on countless Linux and UNIX-based operating systems. The actors exploited Exim via the "MAIL FROM" field of the SMTP message. Once Exim was exploited, the actor could execute the code of their choosing. The particular vulnerability being exploited (CVE-2019-10149) was actually patched on June 5, 2019, but not all Linux administrators are as up to date on patches as they should be. The Exim developers urged all users to upgrade the software, and the NSA is now adding its own encouragement for administrators to immediately patch Exim to mitigate this ongoing threat.

If your Linux mail server is running a version of Exim older than 4.93, you need to upgrade immediately.

Original source: https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA-Sandworm-Actors-Exploiting-Vulnerability-in-Exim-Transfer-Agent-20200528.pdf
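An added example (not from the article or the NSA advisory): a POSIX shell check that parses the first line of `exim -bV` output and compares the upstream version with the 4.93 threshold stated above. The banner lines are constructed samples, and the function names are hypothetical; a distribution package can carry a backported fix under an older version number, so an "upgrade" result is a prompt to check the vendor's package advisory.

```shell
#!/bin/sh
# Added example: classify an Exim version banner against the article's
# "older than 4.93" threshold. Function names are hypothetical.

MIN_MAJOR=4
MIN_MINOR=93

# Print "major minor" for a banner such as "Exim version 4.92.3 #1 built ...".
# Leading zeros are dropped so the shell does not read "08" as octal.
# Patch suffixes (".3", "_2") are ignored: only major.minor matters here.
exim_version_fields() {
    printf '%s\n' "$1" |
        sed -n 's/^Exim version 0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1
}

# Print "ok", "upgrade" or "unknown" for one banner line.
exim_patch_status() {
    fields=$(exim_version_fields "$1")
    if [ -z "$fields" ]; then
        echo unknown            # not an Exim banner, or an unexpected format
        return 0
    fi
    # shellcheck disable=SC2086  # intentional split into "major" and "minor"
    set -- $fields
    major=$1
    minor=$2
    if [ "$major" -gt "$MIN_MAJOR" ] ||
       { [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]; }; then
        echo ok
    else
        echo upgrade
    fi
}

# Constructed sample banners, in the shape `exim -bV` prints on its first line.
while IFS= read -r banner; do
    printf '%-8s %s\n' "$(exim_patch_status "$banner")" "$banner"
done <<'EOF'
Exim version 4.84_2 #1 built 01-Jan-2019 00:00:00
Exim version 4.92.3 #1 built 01-Jan-2020 00:00:00
Exim version 4.93 #2 built 01-Jan-2020 00:00:00
EOF

# On a real host: exim_patch_status "$(exim -bV 2>/dev/null | head -n 1)"
```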
