NSA: Russian Hackers are Hacking EXIM Email Servers
According to the NSA, Russian hackers have been able to hack into and take over some of the most widely used email servers.
The National Security Agency has released a security message indicating that Russian hackers have been carrying out such activities since last year.
The main mail servers taken over by Russian hackers, according to the NSA
The National Security Agency says hackers in Unit 74455 of the GRU's Main Center for Special Technologies (GTsST) have been hacking major email servers that use the EXIM Mail Transfer Agent. The activity is the work of the Russian military intelligence service, through a group called Sandworm. The weakness they are exploiting is CVE-2019-10149, which was published in June 2019.

The shell script used in the attack adds privileged users, disables network security settings, updates the SSH configuration to enable remote access, and launches an additional script to enable follow-on exploitation. The exploit makes the victims' computers connected to the EXIM server execute this shell script from a domain controlled by Sandworm. At the end of it all, the attackers grab the information.

EXIM servers typically run a UNIX-based operating system, and EXIM is used by many companies and even many government agencies. Although Exchange is owned by Microsoft, little is known about it.

The Sandworm group has been famous, as well as infamous, for the BlackEnergy malware for the past decade. Its most notorious operation was an attack on Ukraine's nuclear servers in December 2015. The group was also involved in the 2016 US presidential election, attacking emails from the Democratic National Committee and hitting voter registration databases.

According to statistics, about half of the email servers that use SMTP are EXIM servers. Currently, EXIM has been updated to version 4.98.
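A host check for two of the changes the shell script is described as making (added privileged users and a modified SSH configuration), as an added example that is not from the NSA advisory or the original article. The account names, the baseline-comparison approach and the list of risky sshd settings are assumptions chosen for illustration, and the sample file contents are constructed.

```python
RISKY_SSHD = {"permitrootlogin": "yes", "permitemptypasswords": "yes"}  # assumed watch list

def parse_passwd(text):
    """Map account name -> UID from /etc/passwd-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7 and fields[2].isdigit() and not fields[0].startswith("#"):
            accounts[fields[0]] = int(fields[2])
    return accounts

def account_findings(baseline_text, current_text):
    """Accounts added since a known-good baseline, and non-root accounts holding UID 0."""
    base, cur = parse_passwd(baseline_text), parse_passwd(current_text)
    added = sorted(set(cur) - set(base))
    uid0 = sorted(name for name, uid in cur.items() if uid == 0 and name != "root")
    return {"added": added, "uid0": uid0}

def risky_sshd_settings(config_text):
    """Flag risky global settings. sshd uses the first value it reads for a
    keyword, so later duplicates are ignored. Match blocks are not handled."""
    seen, hits = set(), []
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key in seen:
            continue
        seen.add(key)
        if RISKY_SSHD.get(key) == value:
            hits.append(f"{parts[0]} {parts[1].strip()}")
    return hits

# Constructed sample data: a baseline copy of /etc/passwd, the current copy with
# one extra UID 0 account, and an sshd_config where root login was switched on.
BASELINE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                   "Debian-exim:x:101:101::/var/spool/exim4:/usr/sbin/nologin\n")
CURRENT_PASSWD = BASELINE_PASSWD + "svc_backup:x:0:0::/home/svc_backup:/bin/bash\n"
SAMPLE_SSHD = ("# constructed sample\nPermitRootLogin yes\n"
               "PasswordAuthentication no\nPermitRootLogin no\n")

if __name__ == "__main__":
    print(account_findings(BASELINE_PASSWD, CURRENT_PASSWD))
    print(risky_sshd_settings(SAMPLE_SSHD))
```

On a real mail server the baseline would come from a backup or configuration management, and the current text from `/etc/passwd` and `/etc/ssh/sshd_config`.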
Author: Ismail Hossain (Sourov)