FBI Obtains Court Order To Infiltrate Hundreds Of Hacked MS Exchange Servers To Remove Backdoors
In January through March, malicious actors and hacking groups used the
Therefore, the DOJ permitted the FBI, under a court order, to remove these web shells by issuing commands through the web shells themselves. These commands caused the server to delete the web shell, “identified by its unique file path.” It is reported that the “operation was successful in copying and removing those web shells,” but it did not patch the servers, so server admins still have work to do. Moreover, “the FBI is attempting to provide notice of the court-authorized operation to all owners or operators of the computers from which it removed the hacking group’s web shells.”
Hopefully, between removing web shells and being notified that a server is vulnerable, admins will have an easier time patching. However, as Ronald Reagan stated, the nine most terrifying words in the English language are “I’m from the Government, and I’m here to help.” In this case, the help was needed for vulnerable servers, and hopefully, it will kick people into gear to defend networks better. In any case, let us know what you think of the FBI's actions in the comments below.