Hacking group Sandworm, linked to Russian military intelligence, has exploited a vulnerability in the Exim mail transfer agent
According to an NSA advisory issued May 28, 2020, operatives of Sandworm, part of GRU Unit 74455 of Russian military intelligence, have been exploiting a vulnerability in the Exim mail transfer agent (MTA) since at least August 2019. Exim is MTA software that runs on Linux-based mail servers and delivers email from senders to recipients; nearly half of the internet's publicly reachable mail servers run it. The vulnerability was publicly disclosed in June 2019, and Microsoft issued an advisory to Azure customers a few weeks later, but as of May 1, 2020, roughly half of internet-facing Exim servers were still running a vulnerable version. The flaw lets an unauthenticated remote attacker execute commands and code of their choosing on the mail server with Exim's privileges, which is why the NSA advisory describes the resulting foothold as "any attacker's dream access." Upgrading to Exim 4.92 or later removes the vulnerability; the advisory urges administrators to patch immediately and to check exposed servers for signs of compromise.

About This Incident

Threat Actors: Russia

Incident Metadata

Date: August 2019-present
Country: United States