NSA warns Russian hackers exploited email flaw

Russian cyberattacks 

Russian hackers have compromised a longstanding vulnerability in a widely used email delivery software program since at least August of last year, according to an advisory from the National Security Agency.

The flaw is serious, and allows what NSA characterizes as "pretty much any attacker’s dream access." It allows hackers to turn off network security, add privileged users and enable remote connections and subsequent penetrations.

A Russian military intelligence team called Sandworm is responsible, NSA says, for leveraging a flaw in the Exim Mail Transfer Agent software – a program in very wide use by email administrators. An estimate from last October indicated that Exim was in use in almost 500,000 email servers worldwide, and was by far the most widely used software of its type. NSA notes that Exim is the default software on some Linux-based email systems.

The vulnerability was introduced in a June 2019 update, NSA says, and was remediated in the most recent version of the software. Exim has been publicly urging users to update even before NSA revealed the exploitation of the flaw. NSA is urging administrators to conduct checks for prior exploitation on their networks and by looking for unauthorized accounts or remote access authorizations.

Sandworm, an element of Russia's GRU, has been blamed for the devastating NotPetya cyberattack that crippled the systems of global shipping firm Maersk and cost global firms upward of $1 billion in mitigation and recovery costs. Sandworm has also been linked to efforts to compromise the mobile operating system Android and attempts to target the U.S. electrical grid.

The group was also called out in a Feb. 20 statement by the Department of State for a cyberattack that disrupted government websites and broadcast television in the Republic of Georgia.

"This action contradicts Russia's attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries," Secretary of State Mike Pompeo said at the time.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    OPM nominee plans focus on telework, IT, retirement

    Kiran Ahuja, a veteran of the Office of Personnel Management, told lawmakers that she thinks that the lack of consistent leadership in the top position at OPM has taken a toll on the ability of the agency to complete longer term IT modernization projects.

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

Stay Connected