Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them

The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.

A rare advisory from the US National Security Agency (NSA), warning of attacks by Russian military intelligence on vulnerable e-mail servers, is not likely to dissuade the nation-state cyber-espionage group from attacking targets of interest, cybersecurity experts say.


On Thursday, the NSA told organizations that a remotely exploitable vulnerability in the EXIM mail transfer agent, which comes installed by default on some versions of Linux, is being targeted by "Russian cyber actors from the GRU Main Center for Special Technologies (GTsST), field post number 74455" — otherwise known as the Sandworm group. The Sandworm group is one of two main cyber operations groups for Russian military intelligence.


But aside from convincing targeted organizations to take the appropriate actions to protect their systems, the advisory will likely not blunt the attacks, says Greg Lesnewich, a threat intelligence researcher at Recorded Future.


"We have tried naming and shaming of the individual operators and the unit — obviously sanctions have been tried," he says. "I think that Russian intelligence agencies have a high risk tolerance and feel pretty emboldened to do what they are doing, so I'm not entirely sure what we could potentially do to deter them from conducting these activities."


The warning does not bode well for the latest US election cycle. With politics already polarized and disinformation regularly being used by political parties and foreign rivals, the revelation that Russian intelligence has likely gained access to som ..
