The National Security Agency said Russian military hackers exploited a vulnerability in mail-relay software.
A security alert published Thursday on the NSA’s website said the hacking campaign was carried out by a group within the GRU, Russia’s military intelligence agency. The hacking group, known as “Sandworm,” has previously been connected to cyberattacks on Ukraine’s electric grid.
Since August, the hackers have been exploiting a vulnerability in Exim, a mail transfer agent common on Unix-based operating systems, such as Linux, according to the NSA. The vulnerability was patched last year, but some users have not updated their systems.
The NSA called the vulnerability an “attacker’s dream” because it allows attackers to “execute commands and code of their choosing,” such as disabling network security settings and executing an additional script to allow further exploitation.
“Using a previous version of Exim leaves a system vulnerable to exploitation. System administrators should continually check software versions and update as new versions become available,” the NSA said.
The agency did not say how many organizations were compromised or which business sectors were targeted.

