FBI to remove backdoors from hacked Microsoft Exchange email servers

By Nikita Chaurasia  | Date: 2021-04-14

Following the recent cyber-attack in the US, a court in Houston has reportedly authorized a new FBI operation to copy and eliminate backdoors from a large number of Microsoft Exchange email servers across the country. During this hacking event, the hackers had reportedly used four previously unidentified vulnerabilities to attack thousands of networks.

For the record, in March, Microsoft had identified a new Chinese state-sponsored group of hackers, Hafnium, which targeted Exchange servers run from company networks. Four vulnerabilities, when chained together, enabled the attackers to enter an unprotected Exchange server and gain access to its contents.

Although the company fixed the vulnerabilities, the patches could not close the backdoors on servers that had already been breached. Within days of this event, other hacking groups also started hitting the undefended servers through the same flaws to deploy ransomware.

The Justice Department mentioned in its statement that the number of infected servers fell as patches were applied. However, hundreds of Exchange servers remained vulnerable because the backdoors are difficult to identify and eliminate.

Regarding the operation, the statement mentioned that it had removed the remaining web shells of one early hacking group, which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks. It also added that the FBI had carried out the removal by issuing a command through the web shell to the server, a command designed to make the server delete only the web shell.

Speaking on the matter, the FBI has stated that it is attempting to inform, by email, the owners of the servers from which it removed the backdoors.

Meanwhile, John C. Demers, Assistant Attorney General, stated that the operation highlights the Department’s commitment to disrupting hacking activity using all of its legal tools, not just prosecutions.

This is apparently the first case in which the FBI has effectively cleaned up private networks following a cyberattack.

Source credits: https://techcrunch.com/2021/04/13/fbi-launches-operation-to-remotely-remove-microsoft-exchange-server-backdoors/
