The US National Security Agency has revealed that a widely used email program has most likely been exploited by Russian hackers for more than a year, according to NSA intelligence.
Further investigation by the NSA shows that the same group of Russian hackers is part of the Russian military. The group interfered in the 2016 US presidential election, followed that with a malware attack in 2017, and has been compromising email servers since last August, MarketWatch reported.
Bad timing
The timing of the National Security Agency's warning is unusual for a vulnerability this critical to national security. The flaw in the Exim Mail Transfer Agent, which runs on Unix-type operating systems, was discovered some eleven months ago, but only now is the vulnerability being fixed by patching the affected servers.
According to DevDiscourse, most mail servers use Exim, but it is not as well known as proprietary alternatives such as Microsoft's Exchange. Even so, there are companies and US government agencies that have not applied the patch that closes the loophole, according to Jake Williams, president of Rendition Infosec and a former US government hacker.
Closing this entry point is critical to keeping hackers out, especially those engaged in intelligence gathering.
With hostile hackers and the possibility of leaks in mind, Williams ran an online check to see whether a probe could reveal vulnerable servers. About a minute of searching turned up a server in the UK as a possible target.
He suggested that the NSA made the announcement to publish the IP addresses and domain that identify Sandworm, the name given to the Russian military group behind the hacking campaign, so that its activity can be identified and stopped.
Exim
Once the weakness is exploited, the Exim flaw allows an intruder to gain entry to the email system, install programs, modify data and create new accounts.
The NSA did not say what the Russian hackers' specific targets were. US intelligence has indicated that Russia will engage in activities aimed at casting doubt on the results of the US elections in November.
One NSA official, who asked not to be named, told the Associated Press that the agency is making the vulnerability public even though the UK had already warned in October that the weakness was still being exploited and needed patching. The hope is that revealing Sandworm's activities will prompt others to patch their systems.
The Sandworm hackers are associated with the GRU, Russia's military intelligence agency, which according to reports interfered in the 2016 US election by stealing and leaking Democratic National Committee emails and gaining access to US voter databases, the IndiaTimes reported.
Another of the group's attacks was the June 2017 NotPetya cyberattack, which targeted businesses in Ukraine and caused about $10 billion in damage, affecting even Maersk. The US and UK governments have traced such attacks to Sandworm.