Special forces of Russia's military intelligence agency are actively exploiting a security vulnerability in the widely used Exim mail server that has been publicly known for almost a year. At least that is the assessment of the NSA, which is not only a signals intelligence service but also acts as a US cybersecurity agency.
The Attack Wave Is Said To Come From The GRU Team
According to the NSA warning, the group has been attacking Exim servers for at least 8 months. The GRU unit uses the vulnerability to download and run a shell script from a website it controls. This lets the attackers obtain privileged user rights, switch off network security settings and change configurations, thereby opening up further remote access paths. A second script is then run with the aim of making the compromised machine easier to access in the future.
The NSA is now urging private and government organizations to update their Exim servers to version 4.93 and to look for signs of compromise. Indicators of compromise are listed in the NSA's advisory PDF, linked above.
Administrators Should Update Their Exim Servers
The NSA says that administrators should update their Exim servers to at least version 4.93 and check whether their systems have already been compromised. The US intelligence agency also publishes the IP addresses and domains associated with the attacks. The IT security community should take the case seriously. However, the NSA declined to say how many computers were affected or which regions were hit hardest. Almost half of the email servers worldwide run Exim. According to a survey from the beginning of May, only half of them were running version 4.93 or later and thus protected against the vulnerability. The United States and other Western intelligence agencies have for a number of years pointed to cyberattacks of apparent Russian origin and to the suspected actors behind them.
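The article's advice boils down to one check administrators can automate: is every Exim host at version 4.93 or later? The following is an added example, not code from the article or from the NSA advisory. It assumes that the first line of `exim -bV` output begins with "Exim version X.YY" and parses that line; the hostnames and output lines below are constructed, not collected from real servers. The numeric comparison matters because a naive string compare would rank "4.9" above "4.93".

```python
import re

# Minimum Exim version the NSA advisory reported on above tells administrators to run.
MIN_SAFE_VERSION = "4.93"

# Constructed sample first lines of `exim -bV` output for a hypothetical fleet
# (assumption: the line begins "Exim version X.YY"; not captured from real hosts).
SAMPLE_BV_OUTPUTS = {
    "mx1.example.test": "Exim version 4.92 #3 built 07-Feb-2020",
    "mx2.example.test": "Exim version 4.93 #2 built 16-Dec-2019",
    "mx3.example.test": "Exim version 4.9 #1 built 01-Jan-2018",  # string compare would wrongly rank this above 4.93
    "mx4.example.test": "Exim version 4.93.0.4 #1 built 05-Feb-2020",
    "mx5.example.test": "bash: exim: command not found",  # host where the check could not run
}

_VERSION_RE = re.compile(r"^Exim version (\d+(?:\.\d+)*)")


def parse_exim_version(bv_output):
    """Return the dotted version string from an `exim -bV` first line, or None if absent."""
    m = _VERSION_RE.match(bv_output.strip())
    return m.group(1) if m else None


def version_key(version):
    """Turn '4.93.0.4' into (4, 93, 0, 4) so that comparison is numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))


def is_at_least(version, minimum=MIN_SAFE_VERSION):
    """True when `version` is numerically >= `minimum`; shorter tuples are zero-padded."""
    a, b = version_key(version), version_key(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def audit(bv_outputs, minimum=MIN_SAFE_VERSION):
    """Map host -> 'ok', 'update' or 'unknown' for a dict of `exim -bV` first lines."""
    result = {}
    for host, line in bv_outputs.items():
        version = parse_exim_version(line)
        if version is None:
            result[host] = "unknown"  # could not determine the version; investigate by hand
        elif is_at_least(version, minimum):
            result[host] = "ok"
        else:
            result[host] = "update"
    return result


if __name__ == "__main__":
    for host, status in audit(SAMPLE_BV_OUTPUTS).items():
        print(f"{host}: {status}")
```

In practice the dictionary would be filled from `exim -bV | head -n 1` run on each host. Two caveats: some distributions backport security fixes without raising the upstream version number, so a host reported as "update" may already carry the fix according to its package changelog, and a clean version check does not replace the search for the indicators of compromise that the advisory recommends, since an already compromised server stays compromised after the upgrade.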
The fact that the agency publicly accuses a Russian intelligence service is a sign that it can, at least for now, operate outside the direct political pressure of Trump. National Security Agency officials have insisted that the agency must be able to act non-politically, without political influence altering its intelligence judgments.