U.S. Accuses Russian Military Hackers of Attack on Email Servers
Julian E. Barnes and David E. Sanger report:
The National Security Agency publicly accused Russian government hackers of targeting email servers around the world in an unusual announcement on Thursday, showing that the agency is becoming more aggressive in calling out Moscow’s action as the presidential election approaches.
While the Trump administration has publicly attributed cyberattacks to Russia before — including for its 2016 election hack and for paralyzing Ukraine in 2017, which damaged the operations of the shippers Maersk and FedEx — this allegation was unusually specific. It singled out Russia’s military intelligence unit, widely known as the G.R.U., demonstrating intelligence agencies’ concern that Russia intends to interfere in the election only a little more than five months away.
Read more on the New York Times.
In related — and more detailed — coverage, Sergiu Gatlan reports:
The U.S. National Security Agency (NSA) says that Russian military threat actors known as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA) software since at least August 2019.
The vulnerability tracked as CVE-2019-10149 and named “The Return of the WIZard” makes it possible for unauthenticated remote attackers to execute arbitrary commands as root on vulnerable mail servers — for some non-default server configurations — after sending a specially crafted email.
“When the patch was released last year, Exim urged its users to update to the latest version,” the agency says. “NSA adds its encouragement to immediately patch to mitigate against this still current threat.”
Read more on BleepingComputer.