The US National Security Agency has warned that a notorious Russian military hacking group is engaged in an email hacking campaign.
The group is part of the General Staff Main Intelligence Directorate’s (GRU) Main Center for Special Technologies (GTsST), the NSA said on Thursday.
This is the same group that was linked to the leak of stolen Democratic emails and files in the run-up to the 2016 US presidential election.
The Russian military cyber group has been exploiting a vulnerability in the Exim mail transfer agent (MTA) software since at least last August, the NSA said.
Exim is widely used mail transfer agent software for Unix-based systems, which offer an alternative to Microsoft and Apple’s operating systems, and it comes pre-installed in some Linux distributions as well.
The vulnerability being exploited, CVE-2019-10149, allows a remote attacker to execute commands and code of their choosing, NSA warned.
The Russian actors have used this exploit to add privileged users, disable network security settings, and execute additional scripts for further network exploitation, as long as the network is using an unpatched version of the Exim mail transfer agent.
The NSA, however, did not reveal who became targets of the Russian hackers.
When the patch was released last year, Exim urged its users to update to the latest version, the NSA said, adding that it encourages users to patch immediately to mitigate this still-current threat.