{"id":35236,"date":"2020-05-28T15:58:18","date_gmt":"2020-05-28T15:58:18","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31249\/NSA-Warns-Of-New-Sandworm-Attacks-On-Email-Servers.html"},"modified":"2020-05-28T15:58:18","modified_gmt":"2020-05-28T15:58:18","slug":"nsa-warns-of-new-sandworm-attacks-on-email-servers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/","title":{"rendered":"NSA Warns Of New Sandworm Attacks On Email Servers"},"content":{"rendered":"<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/2020\/04\/30\/14b50c96-e96a-4771-9b49-8d50c6f72ad1\/nsa-logo.jpg\" class alt=\"NSA logo\"><\/span><span class=\"credit\">Image: Pankaj Patel, NSA, ZDNet<\/span><\/p>\n<p>The US National Security Agency (NSA) has published today a security alert warning of a new wave of cyberattacks against email servers, attacks conducted by one of Russia&#8217;s most advanced cyber-espionage units.<\/p>\n<p>The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA).<\/p>\n<p>Also known as &#8220;<a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/actor\/sandworm\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Sandworm<\/a>,&#8221; this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability tracked as CVE-2019-10149, the NSA said in a security alert [<a href=\"https:\/\/media.defense.gov\/2020\/May\/28\/2002306626\/-1\/-1\/0\/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">PDF<\/a>] shared today with <em>ZDNet<\/em>.<\/p>\n<p>&#8220;When Sandworm exploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain,&#8221; the NSA says.<\/p>\n<p>This <a href=\"https:\/\/www.virustotal.com\/gui\/url\/8360d152cc3dfde155f476c5b879b854518340d13c56b46db0e03b869595e8a1\/detection\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">shell script<\/a> would:<\/p>\n<ul>\n<li>Add privileged users<\/li>\n<li>Disable network security settings<\/li>\n<li>Update SSH configurations to enable additional remote access<\/li>\n<li>Execute an additional script to enable follow-on exploitation<\/li>\n<\/ul>\n<p>The NSA is now warning private and government organizations to update their Exim servers to version 4.93 and look for signs of compromise. Indicators of compromise are available in the NSA&#8217;s PDF, linked above.<\/p>\n<h3>Sandworm had 9 months to carry out attacks<br \/><\/h3>\n<p>The Sandworm group has been active since the mid-2000s and is believed to be the hacker group who developed the BlackEnergy malware that caused a blackout in Ukraine in December 2015 and December 2016, and the group who developed the infamous NotPetya ransomware that caused damages of billions of US dollars to companies all over the world. It is currently considered one of the two most advanced Russian state-sponsored hacking groups, together with <a href=\"https:\/\/www.zdnet.com\/article\/turla-hacker-group-steals-antivirus-logs-to-see-if-its-malware-was-detected\/\" target=\"_blank\" rel=\"noopener noreferrer\">Turla<\/a>.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>The CVE-2019-10149 vulnerability was disclosed in June 2019, and was codenamed &#8220;<a href=\"https:\/\/www.zdnet.com\/article\/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers\/\" target=\"_blank\" rel=\"noopener noreferrer\">Return of the WIZard<\/a>.&#8221;<\/p>\n<p>Within a week after it was disclosed, <a href=\"https:\/\/www.zdnet.com\/article\/exim-email-servers-are-now-under-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">hacking groups began abusing it<\/a>. After two weeks, Microsoft had also issued an alert at the time, warning Azure customers that a threat actor had developed <a href=\"https:\/\/www.zdnet.com\/article\/microsoft-warns-azure-customers-of-exim-worm\/\" target=\"_blank\" rel=\"noopener noreferrer\">an Exim self-spreading worm<\/a> that exploited this vulnerability to take over servers running on Azure infrastructure.<\/p>\n<p>Nearly half of the internet&#8217;s email servers run Exim. <a href=\"http:\/\/www.securityspace.com\/s_survey\/data\/man.202004\/mxsurvey.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">According to stats from May 1, 2020<\/a>, only a half of all Exim servers have been updated to version 4.93, or later, leaving a large number of Exim instances exposed to attacks.<\/p>\n<p>&#8220;Many orgs fixate on the new and shiny, like cloud and mobile. However, they forget that really old services like SMTP run a big chunk of their personal and business lives, and by definition those services are Internet-exposed,&#8221; <a href=\"https:\/\/twitter.com\/taosecurity\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">Richard Bejtlich<\/a>, Principal Security Strategist at cyber-security firm <a href=\"https:\/\/www.corelight.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Corelight<\/a>, told <em>ZDNet<\/em>.<\/p>\n<p>&#8220;They make perfect targets for adversaries as they face the Internet, they handle the most sensitive data, and people treat them like appliances, meaning they are often forgotten so long as they continue working, and are not monitored.&#8221;<\/p>\n<h3>Naming-and-shaming continues<br \/><\/h3>\n<p>But today&#8217;s NSA security advisory also has two other purposes besides just urging Exim administrators to patch their servers.<\/p>\n<p>It&#8217;s also meant to burn a lot of Sandworm offensive infrastructure. Following today&#8217;s alert, Sandworm operators are most likely to lose access to many of the servers they&#8217;ve been hacking for the past nine months, as server administrators deploy patches and remove Sandworm backdoors.<\/p>\n<p>Second, the advisory draws the world&#8217;s attention to Russia&#8217;s cyber-espionage operations, again. Many of these Russian opreations have often crossed a line of what&#8217;s acceptible in modern-day cyber-intelligence gathering by often causing havoc in the real world (i.e. NotPetya, BadRabbit, BlackEnergy, Georgia DDoS attacks, DNC hack, etc.).<\/p>\n<p>The US and fellow Five Eyes countries have made <a href=\"https:\/\/www.zdnet.com\/article\/the-new-weapon-against-russian-cyber-attacks-naming-and-shaming\/\" target=\"_blank\" rel=\"noopener noreferrer\">naming and shaming Russian cyber-attacks a matter of policy<\/a>, since at least late 2018, and they have continued ever since, expanding the policy to Chinese, Iranian, and North Korean operations as well.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31249\/NSA-Warns-Of-New-Sandworm-Attacks-On-Email-Servers.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":35237,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8680],"class_list":["post-35236","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinegovernmentemailusarussiacyberwarnsa"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NSA Warns Of New Sandworm Attacks On Email Servers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NSA Warns Of New Sandworm Attacks On Email Servers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-28T15:58:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"NSA Warns Of New Sandworm Attacks On Email Servers\",\"datePublished\":\"2020-05-28T15:58:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\"},\"wordCount\":634,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\",\"keywords\":[\"headline,government,email,usa,russia,cyberwar,nsa\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\",\"name\":\"NSA Warns Of New Sandworm Attacks On Email Servers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\",\"datePublished\":\"2020-05-28T15:58:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg\",\"width\":1000,\"height\":500},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nsa-warns-of-new-sandworm-attacks-on-email-servers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,government,email,usa,russia,cyberwar,nsa\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinegovernmentemailusarussiacyberwarnsa\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"NSA Warns Of New Sandworm Attacks On Email Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NSA Warns Of New Sandworm Attacks On Email Servers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/","og_locale":"en_US","og_type":"article","og_title":"NSA Warns Of New Sandworm Attacks On Email Servers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-05-28T15:58:18+00:00","og_image":[{"width":1000,"height":500,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"NSA Warns Of New Sandworm Attacks On Email Servers","datePublished":"2020-05-28T15:58:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/"},"wordCount":634,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","keywords":["headline,government,email,usa,russia,cyberwar,nsa"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/","url":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/","name":"NSA Warns Of New Sandworm Attacks On Email Servers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","datePublished":"2020-05-28T15:58:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/nsa-warns-of-new-sandworm-attacks-on-email-servers.jpg","width":1000,"height":500},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/nsa-warns-of-new-sandworm-attacks-on-email-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,government,email,usa,russia,cyberwar,nsa","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinegovernmentemailusarussiacyberwarnsa\/"},{"@type":"ListItem","position":3,"name":"NSA Warns Of New Sandworm Attacks On Email Servers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35236"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35236\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/35237"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}