NSA warns about Sandworm APT exploiting Exim flaw
2020-05-29 10:36

The Russian APT group Sandworm has been exploiting a critical Exim flaw to compromise mail servers since August 2019, the NSA has warned in a security advisory published on Thursday.

Attackers started exploiting it to compromise Linux servers and install cryptocoin miners on them, and Microsoft warned about a Linux worm leveraging the flaw to target Azure virtual machines running affected versions of Exim.

"The actors exploited victims using Exim software on their public facing MTAs by sending a command in the "MAIL FROM" field of an SMTP message," they explained.

The NSA provided IP addresses and domains that were associated with the Sandworm attacks and offered additional advice on how to apply multiple defensive layers to protect public-facing software such as MTAs.

Though the number of vulnerable Exim instances has been steadily falling due to organizations upgrading their Exim mail servers, it was still around 900,000 in May 2020.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/GZHjdG1gLyU/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Exim 1 2 14 21 11 48
NSA 2 0 12 0 2 14