
NCSC (National Cyber Security Centre) - Weekly Threat Report

Weekly Threat Report - 29th May 2020

Exim flaw highlighted by NSA

The US National Security Agency has published an advisory this week relating to the ongoing exploitation of Exim vulnerability CVE-2019-10149.

Russian military cyber actors, known as Sandworm, have been exploiting a vulnerability in the Exim mail transfer agent. To mitigate the CVE-2019-10149 vulnerability, providers should update Exim immediately by installing version 4.93 or newer.

The NCSC published a statement in support of the NSA’s findings and has previously published an advisory which provides details and mitigation advice on a number of Exim vulnerabilities.

The UK and its allies have previously exposed numerous campaigns of indiscriminate and reckless cyber attacks by the GRU. Earlier this year, the UK government publicly condemned an unacceptable campaign of cyber attacks against Georgia. The NCSC assessed with the highest level of probability that the Russian GRU was behind these attacks.

Researchers disclose new features of latest ComRAT malware

In a whitepaper published this week, cyber security firm ESET detail how new features of the ComRAT v4 malware are being used to target political institutions.

TURLA, one of Russia’s most notorious hacker groups, has targeted two ministries of Foreign Affairs and a national parliament using the ComRAT v4 malware.

The malware uses a complex backdoor to steal sensitive documents and upload these to a public cloud service.

Hackers are now using ComRAT to collect antivirus logs from infected computers. The researchers also noted that ComRAT can use the Gmail web interface to receive commands and exfiltrate data.

This means hackers can take over a victim’s web browser to load malware that takes commands from emails that hackers send to the victim. This is different from the traditional method of using HTTP to send instructions to victims’ devices.

ComRAT has been used to target political institutions in the past and this appears to be continuing. ESET’s whitepaper provides insight into the attacker’s activity and helpfully provides a list of MITRE ATT&CK techniques.

Our Cyber Assessment Framework (CAF) contains a section on building resilient networks and systems against cyber attacks but these other pieces of guidance might be useful:
