NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers


NSA: Russia’s Sandworm Hackers Have Hijacked Mail Servers

A warning that hackers are exploiting vulnerable email servers doesn’t exactly qualify as an unusual event. But when that warning comes from the National Security Agency, and the hackers are some of the most dangerous state-sponsored agents in the world, run-of-the-mill email server hacking becomes significantly more alarming.

On Thursday, the NSA issued an advisory that the Russian hacker group known as Sandworm, a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agent—an alternative to bigger players like Exchange and Sendmail—running on email servers around the world. The agency warns that Sandworm has been exploiting vulnerable Exim mail servers since at least August of 2019, using the hacked servers as an initial infection point on target systems and likely pivoting to other parts of the victim’s network. And while the NSA hasn’t said who those targets have been—or how many there are—Sandworm’s history as one of the most aggressive and destructive hacking organizations in the world makes any new activity from the group worth noting.





Like it? Share with your friends!

What's Your Reaction?

Angry Angry
0
Angry
Confused Confused
0
Confused
Buffoon Buffoon
0
Buffoon
Cry Cry
0
Cry
Cute Cute
0
Cute
WOW WOW
0
WOW
Dislike Dislike
0
Dislike
Fail Fail
0
Fail
Geek Geek
0
Geek
Like Like
0
Like

Send this to a friend