FBI says will remove backdoors from hacked Microsoft Exchange servers
The Federal Bureau of Investigation (FBI) has launched a mega
operation to copy and remove malicious web shells from hundreds of vulnerable
computers in the US that were running on-premises versions of Microsoft Exchange
Server software used to provide enterprise-level email service.
A court in Houston has authorised an FBI operation to
"copy and remove" backdoors from hundreds of Microsoft Exchange
email servers that have been compromised by nation-state hackers, including
from China.
"Today's court-authorised removal of the malicious web shells
demonstrates the Department's commitment to disrupt hacking activity using all
of our legal tools, not just prosecutions," Assistant Attorney General
John C. Demers for the Justice Department's National Security Division said in
a statement on Tuesday.
Earlier reports have claimed that five different hacking groups
(including China-backed hacking group called 'Hafnium') are exploiting
vulnerabilities in the business email servers of Microsoft.
Through January and February this year, certain hacking groups
exploited zero-day vulnerabilities in Microsoft Exchange Server software to
access email accounts and place web shells for continued access.
Web shells are pieces of code or scripts that enable remote
administration.
Other hacking groups followed suit starting in early March after
the vulnerability and patch were publicised.
Comments
Post a Comment