The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software. The bug exists in the Exim Mail Transfer Agent (MTA) software, an open-source offering used on Linux and Unix-like systems. Exim is the default MTA on some Linux distros, such as Debian and Red Hat, and Exim-based mail servers account for almost 57 percent of the internet’s email servers. The APT has been linked to the Industroyer attack on the Ukrainian power grid as well as the infamous NotPetya attacks.
Source: https://threatpost.com/nsa-sandworm-spy-attacks-exim-mail-servers/156125/