The Federal Bureau of Investigation (FBI) has accessed “hundreds” of vulnerable Exchange servers across the United States that run insecure versions of Microsoft software in order to fix them, the Department of Justice announced on April 13.
The court-approved operation involved the FBI accessing computers to remove malware that hackers had left behind through Microsoft’s Exchange Server software, which provides e-mail services to businesses.
Microsoft had announced in early March that Hafnium, a group of hackers that works for the Chinese government, had been exploiting a weakness in the server.
Microsoft said the hackers placed malware on “tens of thousands” of servers running the software, allowing the hackers to return at a later date.
In its operation, the FBI used the same weakness to access vulnerable computers and remove the backdoors, or “web shells.”
“Today’s operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks.
The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path),” the FBI stated in a press release.
“Our successful action should serve as a reminder to malicious cyber actors that we will impose risk and consequences for cyber intrusions that threaten the national security and public safety of the American people and our international partners,” Acting Assistant Director Tonya Ugoretz of the FBI’s Cyber Division stated.
The FBI also said that it is “attempting” to notify all the owners of the affected computers, by sending them or their internet service providers an e-mail, that the agency has removed the malware.