NSA urges email providers to update software warning that ‘Russian military hackers’ already gained ‘dream access’ to them

The notorious US spy agency NSA has issued a rare warning to Exim mail server owners, calling on them to update the operating system and claiming that otherwise Russian “military cyber actors” could virtually take control of them.

A request to update one’s operating system is usually so routine, pretty much every personal computer user is accustomed to it. That suddenly ceases to be the case when the request comes from none other the National Security Agency (NSA ), which does not issues such warnings all too often.

As if such a demand coming from a spy agency infamous for its world-spanning secret surveillance activities was not already unnerving enough, the NSA says the reason for such urgent measures is Washington’s favorite boogeyman of late – Russia.

In a short statement on Thursday, US spies said that Exim email servers caught attention of what the US media relentlessly called “one of the most aggressive and destructive hacking organizations in the world” – a group named Sandworm (never mind if you have not heard that name before).

The NSA stated plainly that “the Russian actors, part of the General Staff Main Intelligence Directorate’s (GRU) Main Center for Special Technologies (GTsST)” have penetrated the defenses of mail servers using Exim – a mail transfer agent commonly used in Linux and Unix-based systems, which are in turn widely used in modern servers and workstations.

An Exim vulnerability was supposedly used by the hackers as early as August 2019, before the latest patch for the software came live, allegedly provided them with “any attacker’s dream access,” including an ability to “add privileged users, disable network security settings and execute additional scripts for further network exploitation.”

These convoluted malignant actions are easily countered if the latest patch for Exim is installed immediately, NSA assures. The news was immediately picked up by US tech media outlets like Wired. They went a step further and speculated that, with the new US presidential elections being “right around the corner,” the hackers might be preparing a suitable vantage point for interfering with the US vote once again. Never mind that Russia’s supposed interference in the 2016 vote has never been properly proven in the first place.

The ‘Sandworm' group is quite an obscure entity, blamed for pretty much everything since 2014. It is said to have "almost certainly" launched cyber-attacks on Ukraine, spied on NATO, disrupted the work of multiple US state boards of election in 2016, as well as created the infamous NotPetya virus that inflicted $10 billion damage to the world economy in 2017. Just forget about the fact that Russian companies were hit by it too.

The stories about the group’s notoriety were a go-to topic for Wired in particular. One of its reporters, Andy Greenberg, even published a book on its supposed activities. In February, the US and its allies also officially claimed the group to be GRU’s Unit 74455, some four months after another attack was blamed on it – this time in Georgia. Earlier, the US Department of Justice indicted three of its presumed employees with hacking the DNC in 2016, as part of Special council Robert Mueller’s investigation.

Over all those years, no conclusive proof of the group’s existence, not to mention its ties to the GRU, has been presented. Western accusations against Moscow were overwhelmingly based on "highly likely"-style statements.

Citing this, Moscow has repeatedly dismissed all accusations. “The lack of evidence and political motivation behind this obviously orchestrated information attack are impossible to miss,” the Russian Foreign Ministry said in February.

Since the group’s existence still appears to be an unresolved question, one is left to wonder why an agency such as NSA would be so interested in mail server owners installing a software update with such haste.

Think your friends would be interested? Share this story!