Express Computer
Home  »  News  »  Major Email Programs Hacked By Russian Agents: NSA

Major Email Programs Hacked By Russian Agents: NSA

0 157

The U.S. National Security Agency says the same Russian military hacking group that interfered in the 2016 presidential election and unleashed a devastating malware attack the following year has been exploiting a major email server program since last August or earlier.

The timing of the agency’s advisory Thursday was unusual considering that the critical vulnerability in the Exim Mail Transfer Agent — which mostly runs on Unix-type operating systems — was identified 11 months ago, when a patch was issued.

Exim is so widely used — though far less known than such commercial alternatives as Microsoft’s proprietary Exchange — that some companies and government agencies that run it may still not have patched the vulnerability, said Jake Williams, president of Rendition Infosec and a former U.S. government hacker.

It took Williams about a minute of online probing on Thursday to find a potentially vulnerable government server in the U.K.

He speculated that the NSA might have issued to advisory to publicize the IP addresses and a domain name used by the Russian military group, known as Sandworm, in its hacking campaign — in hopes of thwarting their use for other means.

The Exim exploit allows an attacker to gain access using specially crafted email and install programs, modify data and create new accounts — gaining a foothold on a compromised network.

The NSA did not say who the Russian military hackers have targeted. But senior U.S. intelligence officials have warned in recent months that Kremlin agents are engaged in activities that could threaten the integrity of the November presidential election.

An NSA official reached by The Associated Press would only say that the agency is publicizing the vulnerability because, despite an October warning by British officials, it “has continued to be exploited and needs to be patched.” The hope, in now publicizing Sandworm’s role, is to further motivate patching, said the official, who spoke on condition they not be further identified.

Sandworm agents, tied to Russia’s GRU military intelligence arm, wreaked havoc on the 2016 U.S. presidential election, stealing and exposing Democratic National Committee emails and breaking into voter registration databases.

They also have been blamed by the U.S. and U.K. governments for the June 2017 NotPetya cyberattack, which targeted businesses that operate in Ukraine. It caused at least $10 billion in damage globally, most notably to the Danish shipping multinational Maersk.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image