The US National Security Agency has published an advisory relating to the ongoing exploitation of Exim vulnerability CVE-2019-10149.
Russian military cyber actors, known as Sandworm, have been exploiting a vulnerability in the Exim mail transfer agent. To mitigate the CVE-2019-10149 vulnerability, providers should update Exim immediately by installing version 4.93 or newer.
The NCSC published a statement in support of the NSA’s findings and has previously published an advisory which provides details and mitigation advice on a number of Exim vulnerabilities.
The UK and its allies have previously exposed numerous campaigns of indiscriminate and reckless cyber attacks by the GRU.
Earlier this year, the UK government publicly condemned an unacceptable campaign of cyber attacks against Georgia. The NCSC assessed with the highest level of probability that the Russian GRU was behind these attacks.
When the patch was released last year, Exim urged its users to update to the latest version. NSA adds its encouragement to patch immediately to mitigate this still-current threat.
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet.