U.S. Warns Of Russian Hacking Group's Attempts To Gain 'Dream Access' To Computer Systems
Such timely notices should be a mainstay of how the NSA protects the cyber security of the US government and the business community.
5/29/20
The U.S. National Security Agency (NSA) on May 28 warned government partners and private companies about a Russian hacking operation that it says uses a special intrusion technique to target operating systems often used to manage computer infrastructure. “This is a vulnerability that is being actively exploited. That’s why we’re bringing this notification out,” said Doug Cress, chief of the cybersecurity collaboration center and directorate at NSA, in an advisory. “We really want…the broader cybersecurity community to take this seriously.” The notice is part of a series of public reports by the U.S. agency to share actionable cyber-defense information. The NSA said the hacking activity was tied to “Russian military cyber-actors, publicly known as Sandworm Team” and are part of Russia’s Main Intelligence Directorate’s (GRU) Main Center for Special Technologies.
The NSA said the hackers have used the special intrusion technique to add privileged users, disable network security settings, and execute code that enables further network exploitation – “pretty much any attacker’s dream access – as long as that network is using an unpatched version of Exim [mail transfer agent].” Exim mail transfer agent is software widely used on Unix-based operating systems such as Linux but is far less known than commercial alternatives such as Microsoft Exchange. The vulnerability was patched last year, but some users have not updated their systems. The Sandworm group is the same one that interfered in the 2016 presidential election, stealing and exposing Democratic National Committee e-mails and breaking into voter registration databases. It also has been blamed for disruptive cyberattacks against Ukrainian electricity production facilities.