NSA: Russia’s Sandworm Hackers Have Hijacked Mail Servers
A warning that hackers are exploiting vulnerable email servers doesn’t exactly qualify as an unusual event. But when that warning comes from the National Security Agency, and the hackers are some of the most dangerous state-sponsored agents in the world, run-of-the-mill email server hacking becomes significantly more alarming.
On Thursday, the NSA issued an advisory that the Russian hacker group known as Sandworm, a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agent—an alternative to bigger players like Exchange and Sendmail—running on email servers around the world. The agency warns that Sandworm has been exploiting vulnerable Exim mail servers since at least August of 2019, using the hacked servers as an initial infection point on target systems and likely pivoting to other parts of the victim’s network. And while the NSA hasn’t said who those targets have been—or how many there are—Sandworm’s history as one of the most aggressive and destructive hacking organizations in the world makes any new activity from the group worth noting.