The U.S. National Security Agency says the same
Russian military hacking group that interfered
in the 2016 presidential election and unleashed
a devastating malware attack the following
year has been exploiting a major email server
program since last August or earlier.
The timing of the agency’s advisory was unusual
considering that the critical vulnerability in
the Exim Mail Transfer Agent — which mostly
runs on Unix-type operating systems — was
identified 11 months ago, when a patch
was issued.