The FBI Has Launched an Operation to Remove the Backdoors from Hacked Microsoft Servers

The United States District Court Southern District of Texas, Houston Division has authorized a full FBI operation that is intended to copy and remove the backdoors found in hundreds of Microsoft Exchange Email Servers within the United States. This is happening months after hackers used vulnerabilities, which were undiscovered at the time, to target and attack thousands of networks.

04-14-2021 - The FBI Has Launched an Operation to Remove the Backdoors from Hacked Microsoft Servers

The Justice Department announced the court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities on Tuesday, and it described it as successful.

Now, to give you a bit more of a backstory, in March, Microsoft managed to discover a new China state-sponsored hacking group known as Hafnium, which ended up targeting Exchange servers that were being run from company networks. These four vulnerabilities, when chained together, managed to allow hackers to break into a vulnerable Exchange server, and as such, steal the contents it had.

Over time, Microsoft managed to fix these vulnerabilities; however, the patches couldn’t really fix the backdoors from the servers which were already breached. Throughout the following days, other hacking groups started hitting the vulnerable servers with the same flaws in order to deploy ransomware.

You have to know that as the patches ended up being applied to each and every server, the number of infected servers dropped; however, hundreds of Exchange servers remained vulnerable due to the fact that the backdoors were difficult to find and eliminate.

According to a statement from the Justice Department: “This operation removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks. The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path).”

The FBI actually stated that it is attempting to inform as many owners as possible through email of the servers through which it removed the backdoors.

That being said, the assistant attorney general John C. Demers said that the operation managed to demonstrate the department’s commitment to disrupt hacking activity by using all of the legal tools, not just the prosecutions.

Keep in mind that this operation managed to remove the backdoors and did not patch any vulnerabilities that the hackers exploited to remove any malware left behind after the removal of said backdoors. In a similar case, back in 2016, the Supreme Court moved to allow U.S. judges to issue a search and seizure warrant outside of their district, and critics opposed the move at the time, with fear that the FBI could ask a friendly court to authorize cyber-operations anywhere in the world.

If we take a look at other countries, such as France, they have used similar methods to hijack a botnet and remotely shut it down, which is quite interesting.

Sara Mirchevska
Sara is a tech enthusiast and writer with over five years of experience. She is studying at UACS in North Macedonia. Sara is a creative person who is looking to become a high-tech writer over the years that come. She wants to be up to date with everything in the world that is related to technology and hosting, and she is the one that provides us with news in the web hosting world.

Share this post

"The FBI Has Launched an Operation to Remove the Backdoors from Hacked Microsoft Servers"

The FBI Has Launched an Operation to Remove the Backdoors from Hacked Microsoft Servers