{ "id": "70e5fb9b-e2a2-430b-9f93-8b26259b4ee6", "created_at": "2026-04-06T01:32:40.591553Z", "updated_at": "2026-04-10T03:30:30.277424Z", "deleted_at": null, "sha1_hash": "a4434fa5f5bde91c989aae8fc9cf642aaad1747a", "title": "NCSC supports US advisory regarding GRU intrusion set Sandworm", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 208604, "plain_text": "NCSC supports US advisory regarding GRU intrusion set\r\nSandworm\r\nPublished: 2020-05-28 · Archived: 2026-04-06 01:12:29 UTC\r\nNews\r\nThe US National Security Agency has today published an advisory regarding the GRU - the Russian military\r\nintelligence service.\r\niStock.com/Jane_Kelly\r\nThe advisory relates to the ongoing exploitation of Exim vulnerability CVE-2019-10149 by the GRU.\r\nTo mitigate the CVE -2019-10149 vulnerability, providers should update Exim immediately by installing version\r\n4.93 or newer.\r\nThe NCSC has previously published an advisory providing details of a number of Exim mail server vulnerabilities\r\nand mitigation advice.\r\nA spokesperson for the NCSC said:\r\n“We support the findings published today in the NSA advisory’s regarding the GRU intrusion set known as\r\n‘Sandworm’.\r\n“We have notified UK providers affected by this activity and have recommended they protect users by patching\r\nthe vulnerability.\r\n“The UK and its allies will continue to expose those who conduct hostile and destabilising cyber attacks.”\r\nPublished\r\nPublish date\r\n28 May 2020\r\nNews type\r\nhttps://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory\r\nPage 1 of 2\n\nStatement\r\nSource: https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory\r\nhttps://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory" ], "report_names": [ "ncsc-supports-sandworm-advisory" ], "threat_actors": [ { "id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df", "created_at": "2023-01-06T13:46:38.402513Z", "updated_at": "2026-04-10T02:00:02.959797Z", "deleted_at": null, "main_name": "Sandworm", "aliases": [ "IRIDIUM", "Blue Echidna", "VOODOO BEAR", "FROZENBARENTS", "UAC-0113", "Seashell Blizzard", "UAC-0082", "APT44", "Quedagh", "TEMP.Noble", "IRON VIKING", "G0034", "ELECTRUM", "TeleBots" ], "source_name": "MISPGALAXY:Sandworm", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "7bd810cb-d674-4763-86eb-2cc182d24ea0", "created_at": "2022-10-25T16:07:24.1537Z", "updated_at": "2026-04-10T02:00:04.883793Z", "deleted_at": null, "main_name": "Sandworm Team", "aliases": [ "APT 44", "ATK 14", "BE2", "Blue Echidna", "CTG-7263", "FROZENBARENTS", "G0034", "Grey Tornado", "IRIDIUM", "Iron Viking", "Quedagh", "Razing Ursa", "Sandworm", "Sandworm Team", "Seashell Blizzard", "TEMP.Noble", "UAC-0082", "UAC-0113", "UAC-0125", "UAC-0133", "Voodoo Bear" ], "source_name": "ETDA:Sandworm Team", "tools": [ "AWFULSHRED", "ArguePatch", "BIASBOAT", "Black Energy", "BlackEnergy", "CaddyWiper", "Colibri Loader", "Cyclops Blink", "CyclopsBlink", "DCRat", "DarkCrystal RAT", "Fobushell", "GOSSIPFLOW", "Gcat", "IcyWell", "Industroyer2", "JaguarBlade", "JuicyPotato", "Kapeka", "KillDisk.NCX", "LOADGRIP", "LOLBAS", "LOLBins", "Living off the Land", "ORCSHRED", "P.A.S.", "PassKillDisk", "Pitvotnacci", "PsList", "QUEUESEED", "RansomBoggs", "RottenPotato", "SOLOSHRED", "SwiftSlicer", "VPNFilter", "Warzone", "Warzone RAT", "Weevly" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775439160, "ts_updated_at": 1775791830, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/a4434fa5f5bde91c989aae8fc9cf642aaad1747a.pdf", "text": "https://archive.orkl.eu/a4434fa5f5bde91c989aae8fc9cf642aaad1747a.txt", "img": "https://archive.orkl.eu/a4434fa5f5bde91c989aae8fc9cf642aaad1747a.jpg" } }