CATEGORIES
home News

FBI Obtains Court Order To Infiltrate Hundreds Of Hacked MS Exchange Servers To Remove Backdoors

by Nathan OrdWednesday, April 14, 2021, 11:43 AM EDT
doj authorizes fbi to remove web shells from us companies vulnerable to ms exchange zero days
The Microsoft Exchange zero-day vulnerabilities seemed to cause quite a bit of havoc across several industries and organizations. Since it was first discovered, however, patches have been rolling out from Microsoft and frantic orders to patch servers have been trickling down. Clearly, that was not enough, as web shells remained on many systems, thus allowing access to the vulnerable systems. Subsequently, the U.S Department of Justice authorized the FBI to disable these web shells and notify the organizations who were breached in a “successful” operation announced yesterday.

In January through March, malicious actors and hacking groups used the Microsoft Exchange vulnerabilities to access emails and drop web shells on networks to get future access. Web shells are pieces of code that allow command execution on a system from the web, which could be problematic for security. As reported by the DOJ Southern District of Texas, “Many infected system owners successfully removed the web shells from thousands of computers,” yet others either did not or were unable to complete the process.

Therefore, the DOJ permitted the FBI to remove these web shells (with a court order) via commands through the web shell. These commands caused the server to delete the web shell, “identified by its unique file path.” It is reported that the “operation was successful in copying and removing those web shells,” but it did not patch servers, so server admins still have work to do. Moreover, “the FBI is attempting to provide notice of the court-authorized operation to all owners or operators of the computers from which it removed the hacking group’s web shells.”

Hopefully, between removing web shells and being notified that a server is vulnerable, admins will have an easier time patching. However, as Ronald Regan stated, the nine most terrifying words in the English language are “I’m from the Government, and I’m here to help.” In this case, the help was needed for vulnerable servers, and hopefully, it will kick people into gear to defend networks better. In any case, let us know what you think of the FBI's actions in the comments below.
Tags:  Microsoft, FBI, vulnerability, cybersecurity, Microsoft-Exchange, Department-of-Justice, (nasdaq:msft)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment