- SmarterTools hit by Warlock ransomware exploiting CVE-2026-23760 in SmarterMail
- Breach affected office networks and data center, but business apps and account data remained secure
- The company fixed the vulnerability, dropped Windows servers and dropped Active Directory to prevent a recurrence
US software company SmarterTools confirmed it had been hit by ransomware, but said the attack did not affect its business applications or account data.
In a data breach notice published on the company’s website, Chief Commercial Officer Derek Curtis said the company missed updating a server, which was then compromised through a known vulnerability.
“Prior to the breach, we had approximately 30 servers/VMs with SmarterMail installed across our network. Unfortunately, we were unaware of a VM created by an employee that was not being updated. As a result, this mail server was compromised, leading to the breach,” explained Curtis.
Linux and Windows
The vulnerability in question, according to BleepingComputer, is CVE-2026-23760, an authentication bypass flaw in SmarterMail before Build 9518 that allows resetting administrator passwords and gaining full privileges.
Curtis also said SmarterTools isolates its networks in the event of a breach, which allowed its website, shopping cart, My Account portal and other services to remain online while the issue was resolved. “None of our business applications or account data was affected or compromised,” he added.
The office network and a data center where most of the quality control work is done were affected, it further explained.
CyberInsider said the breach was attributed to the Warlock ransomware gang, reportedly known for targeting Microsoft-based infrastructure. The group appears to have attacked SmarterTools with a Windows-based encryptor, while the majority of the company's infrastructure was on Linux.
“Because we’re primarily a Linux company now, only about 12 Windows servers appeared to be compromised, and on those servers our virus scanners blocked most efforts,” Curtis also said. “None of the Linux servers were affected.”
To prevent a recurrence, SmarterTools ditched Windows entirely wherever it could and no longer uses Active Directory services (which the bad guys used to move laterally through the network).
Those of you running SmarterTools who are concerned that you might be next should make sure to upgrade to Build 9518 (January 15) to fix the vulnerability. Build 9526, released on January 22, supplements the fixes with further improvements.
Via Bleeping Computer