The FBI just sneaked into computers across the country to stop a hacking campaign


In what may be a first-of-its-kind operation, the FBI recently gained access to private servers in the United States, ostensibly to remove malware previously installed by foreign hackers.

The FBI focused this unique digital clean-up on servers with the vulnerable email product Microsoft Exchange. The United States Department of Justice said Tuesday that the purpose of the agency’s operation was to digitally erase traces of web shells that, if left, “could have been used to maintain and escalate persistent, unauthorized access to US networks.”

The security flaws that plague Microsoft’s product are well known, and we have covered them quite extensively. Since the company’s disclosures about Exchange vulnerabilities in early March, hackers have swarmed exposed servers around the world to steal data and carry out ransomware attacks.

Of all the groups involved, the China-based group called “HAFNIUM” appears to have been of most concern to US authorities. The group, which has used web shells as backdoors in US networks, is said to have aggressively targeted Exchange for email theft and data interception.

A federal affidavit unsealed Tuesday strongly implies that the purpose of the FBI’s operation was to remove malware specifically deployed by HAFNIUM. Although the Department of Justice does not mention HAFNIUM by name (referring only to “one early hacker group” as the target of the investigation), it is the only threat actor explicitly named in the FBI affidavit.

A DOJ press release remarks:

“While many infected system owners have successfully removed web shells from thousands of computers, others have been unable to do so, and hundreds of such web shells have continued unabated.”

The operation appears to have been strictly focused on this one specific campaign, as the FBI did not “search for or remove additional malware or hacking tools that hacker groups have placed on victims’ networks using the web shells.”

This may be the first time the FBI has conducted such an operation, TechCrunch reports. For years, the agency has been seeking more powers and authority when it comes to conducting digital searches within the US, though critics and civil liberties defenders have consistently fought against such breaches of private servers.
