The US National Security Agency (NSA) issued a press update yesterday stating that hackers funded by a Russian military agency have been running a malware campaign that exploits the Exim Internet email server program since August 2019.
The news is out that the hacking group, which was previously involved in hacking the 2016 US elections, achieved the feat by exploiting a vulnerability in the Exim Mail Transfer Agent, which runs on UNIX operating systems.
Precisely, Exim is a message transfer agent that was developed by the University of Cambridge and is licensed under the GNU General Public License. It is used by some government agencies and contractors, and security experts say that all unpatched UNIX operating systems exhibiting the vulnerability might be exploited.
Jake Williams, a former hacker who worked for the US Government and is now the President of Rendition Infosec, disclosed the vulnerability to the world on Thursday, and it took only a few minutes for him to break into a government server in Britain.
Note 1- Sandworm is the same group that works for the Russian intelligence agency GRU and was involved in hacking the 2016 US polls, which eventually went in favor of Donald Trump. The NSA has therefore issued an alert to all government agencies about the Russian military group Sandworm, which has been found sending newly drafted emails from the email server with malicious links aimed at infecting victims.
Note 2- The 2017 NotPetya cyber attack was also launched by the GRU-backed Sandworm and targeted most businesses operating in Ukraine. It caused around $10 billion in damage and reportedly hit the Danish shipping company Maersk very badly.