NSA Warns Russian Hacking Group Targeting Vulnerable Email Systems
May 29, 2020 - The hacking group known as Sandworm, based in Russia, has been actively exploiting a vulnerability found in the Exim Mail Transfer Agent (MTA) email software, according to an alert from the National Security Agency.
The group is also known as Fancy Bear, among a host of other names, and has been tied to a series of espionage attacks in both Europe and the US.
In late 2018, Palo Alto researchers warned the group was likely behind a new hacking tool that was targeting government systems in the US and Europe using stealthy, sophisticated spear-phishing attacks to deploy a Cannon trojan. Users would only need to open the email for the malware to download; they did not need to click a link to trigger the attack.
The latest effort targets Exim, common MTA software found in Unix-based systems and some Linux platforms, like Debian. NSA officials explained that an update was released for a critical vulnerability known as...