Type
Campaign
Actors
Sandworm
Pub. date
May 28, 2020
Initial access
1-day vulnerability
Impact
Targeted technologies
Exim
References
https://www.cisa.gov/news-events/alerts/2020/05/28/nsa-releases-advisory-sandworm-actors-exploiting-exim-vulnerability
Status
Stub
Last edited
Jun 2, 2024 8:02 AM
On May 28, 2020, the NSA released a cybersecurity advisory on Russian APT group Sandworm exploiting CVE-2019-10149, a vulnerability in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to execute commands with root privileges, allowing the attacker to install programs, modify data, and create new accounts.