- SmarterTools affected by Warlock ransomware exploiting CVE-2026-23760 in SmarterMail
- The breach affected the office network and data center, but business applications and account data remained secure
- The company fixed the vulnerability and abandoned Windows servers and Active Directory to prevent recurrence
US software company SmarterTools confirmed it was the victim of ransomware, but said the attack did not affect its business applications or account data.
In a data breach notification posted on the company’s website, chief commercial officer Derek Curtis said the company failed to update a server, which was later compromised through a known vulnerability.
“Prior to the breach, we had approximately 30 servers/VMs with SmarterMail installed throughout our network. Unfortunately, we were unaware of a VM, configured by an employee, that was not updated. As a result, that mail server was compromised, which led to the breach,” Curtis explained.
Linux and Windows
The vulnerability in question, according to BleepingComputer, is CVE-2026-23760, an authentication bypass flaw in SmarterMail before Build 9518 that allows an attacker to reset administrator passwords and gain full privileges.
Curtis also said SmarterTools isolates its networks in the event of a breach, allowing its website, shopping cart, My Account portal and other services to remain online while the issue is resolved. “None of our business applications or account data have been affected or compromised,” he added.
It was further explained that the office network and a data center where most quality control work is carried out were affected.
CyberInsider said the breach was attributed to the Warlock ransomware gang, reportedly known for targeting Microsoft-based infrastructure. The group appears to have attacked SmarterTools with a Windows-based encryptor, while the majority of the company's infrastructure runs on Linux.
“As we are now primarily a Linux company, only about 12 Windows servers appeared to be compromised, and on those servers our antivirus blocked most efforts,” Curtis also said. “None of the Linux servers were affected.”
To ensure there was no follow-up, SmarterTools completely abandoned Windows wherever it could, and no longer uses Active Directory Services (which the crooks used to move laterally across the network).
Those of you running SmarterTools who are worried you might be next should make sure to upgrade to Build 9518 (January 15) to fix the vulnerability. Build 9526, released on January 22, supplements the fixes with additional improvements.
Via BleepingComputer




