Targeting of email servers using Exim mail transfer agent
Date of report
  • May 2020
Hackers from Sandworm exploited a zero-day vulnerability in Exim mail transfer agent software, which runs on email servers around the world, granting them the ability to remotely execute commands on the compromised servers.
Suspected victims
  • Exim mail server users
Suspected state sponsor
  • Russian Federation
Type of incident
  • Espionage
Target category
  • Private sector
  • Government
  • Military
  • Civil society
Victim government reaction
  • Yes
Policy response