The FBI has just entered computers across the country to stop a hacking campaign


In what could be the first operation of its kind, the FBI recently accessed private servers in the United States, apparently to remove malware that had previously been installed by foreign hackers.

The FBI targeted this unique digital cleanup at servers running the vulnerable Microsoft Exchange email product. The US Department of Justice said Tuesday that the purpose of the bureau’s operation was to digitally delete traces of web shells that, if left unchecked, “could have been used to maintain and escalate persistent unauthorized access to US networks.”

Security flaws affecting the Microsoft product are well known and I covered them quite extensively. Since the company revealed its Exchange vulnerabilities in early March, hackers have swarmed exposed servers around the world to steal data and carry out ransomware attacks.

Of all the groups involved, the Chinese group called “HAFNIUM” seems to have most concerned US authorities. The group, which used web shells as backdoors into US networks, is said to have aggressively targeted Exchange for email theft and data exfiltration.

An affidavit unsealed Tuesday strongly implies that the purpose of the FBI operation was to remove malware specifically deployed by HAFNIUM. While the Department of Justice does not explicitly name HAFNIUM (referring only to “an early piracy group” as the target of the investigation), it is the only threat actor explicitly mentioned in the FBI’s affidavit.

A DOJ press release notes:

Although many infected system owners have successfully removed web shells from thousands of computers, others seemed unable to do so, and hundreds of such web shells persisted without attenuation.

The operation seems to have been strictly targeted at this campaign, because the feds did not “look for or remove additional malware or hacking tools that hacking groups could place on victims’ networks by exploiting web shells.”

It may be the first time the FBI has done such an operation, TechCrunch reports. For years, the bureau has sought greater powers and authority when it comes to conducting digital investigations in the US, although critics and civil liberties advocates have consistently fought against such intrusions into private servers.
