Home Cyber Security Email servers being attacked with a new Sandworm attack says NSA

Email servers being attacked with a new Sandworm attack says NSA


It has been observed that the frequency at which we are seeing new attacks happening these days is alarming and the fact that people are getting harmed due to that reason is even more problematic. We have literally seen companies being shut down or temporarily closing operations due to their servers getting hacked or being attacked for some reason. Now, law enforcement agencies have been extremely vigilant all this while and they have informed the public about all the possible hacking attacks that they have been tracing so far. In between all this, we now have a new report from the NSA regarding a new type of attack.

In its latest report, the NSA says that they have found out about Russian military hackers targeting Exim email servers with a new type of attack that was first observed in August 2019 and these attacks are being used to plant backdoors inside a system. Now for those who are unaware regarding backdoors, it is to be noted that they are something that a hacker would install which will let them access to the system later on. For example, this could be a new login system or some sort of a way so that hacker can enter the system without knowledge of the admin unless and until they have seen the code change inside the system.

NSA reveals that “When Sandworm exploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain,” Talking about Sandworm, it is believed to be the infamous group “that caused a blackout in Ukraine in December 2015 and December 2016” because of its BlackEnergy malware as well as the one behind NotPetya malware that also caused billions of US dollars in damage to companies all over the world. After NSA’s advisory, Exim servers will be removing backdoors from their servers meaning the damage of this attack will be decreased.