MSFT - FBI remotely accessed Microsoft Exchange servers to remove backdoor for hackers
Last month, Microsoft (MSFT) discovered that a China-linked hacking group called Hafnium was targeting the company's Exchange servers through four vulnerabilities. Microsoft rolled out patches, but the fixes didn't close backdoors opened in attacked servers.

Yesterday, the Justice Department announced that a Houston court authorized an FBI "copy and remove" operation to remove malicious web shells, which allow remote access to a server, from "hundreds of vulnerable computers in the United States that were running on-premise versions of Exchange."

The FBI issued a command through the web shell to the server that caused the deletion of only the compromised shell.

"This operation removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks," says the Justice Department.

The FBI is "attempting to provide notice of the court-authorized operation to all owners or operators of the computers from which it removed the hacking group’s web shells."