Russian hackers are exploiting bug that gives control of US servers


A Russian hacking group tied to power-grid attacks in Ukraine, the world’s most destructive data wiper worm, and other nefarious Kremlin operations is exploiting a vulnerability that allows it to take control of computers operated by the US government and its partners.

In an advisory published on Thursday, the US National Security Agency said that the Sandworm group was actively exploiting a vulnerability in Exim, an open source mail transfer agent, or MTA, for Unix-based operating systems. Tracked as CVE-2019-10149, the critical bug makes it possible for an unauthenticated remote attacker to send specially crafted emails that execute commands with root privileges. With that, the attacker can install programs of their choosing, modify data, and create new accounts.

A patch for CVE-2019-10149 has been available since last June. The attacks have been active since at least August. NSA officials wrote:


Sandworm group uses emails to send root commands to buggy Exim servers.
