Daily Post 1338
RUSSIA’S MILITARY INTELLIGENCE ARM – GRU
It was quite surprising not to get any news of hacking relating to the GRU in a season of hacking. They have been exploiting a major email server program since last August or earlier. The vulnerability is in the Exim Mail Transfer Agent, which mostly runs on Unix-type operating systems. Though it was identified 11 months ago and a patch was issued at that time, the timing of the National Security Agency advisory on Thursday is suspect. It is believed this was done to publicise the IP addresses and domain name used by Sandworm, a Russian military group, in its hacking campaign, in the hope of thwarting their use by other means.
Sandworm agents, connected to the GRU, Russia’s military intelligence arm, hacked an election for the first time in the 2016 US presidential elections. They were able to steal and then expose Democratic National Committee emails and to break into voter registration databases. The UK and US governments pointed the finger at these guys for the June 2017 NotPetya cyberattack, whose main target was businesses operating in Ukraine. The operations of Jawaharlal Nehru Port Trust, Mumbai, were also impacted by this attack. The damage from this ransomware attack globally was to the tune of $10 billion. Danish shipping multinational Maersk turned out to be one of the main targets.
Exim is widely used, though not as well known as commercial alternatives such as Microsoft’s proprietary Exchange, so some government agencies and companies may still not have patched it. Jake Williams of Rendition Infosec, a former US government hacker, took only about a minute of online probing to find a potentially vulnerable government server in the UK. “The Exim exploit allows an attacker to gain access using specially crafted email and install programs, modify data and create new accounts gaining foothold on a compromised network.”
The ghost of 2016 still carries on. It’s not so easy to get over it. US intelligence agencies seem to be nearly convinced that Russia might upstage again through hacking. The NSA did not make public whom the Russian military hackers have targeted. Senior intelligence officials have been warning in recent months that Kremlin agents are once again engaged in activities aimed at compromising the integrity of the November presidential elections. Democracy and hacking have gone into a wrestling bout.
DEMOCRACY HANGS ON A DELICATE BALANCE AT THE MERCY OF THE HACKER.