The Federal Bureau of Investigation (FBI) obtained a court order from a judge in Houston, Texas. The purpose of the operation was to remove backdoors from hundreds of Microsoft Exchange email servers in the U.S. As a reminder, hackers used four previously unknown vulnerabilities to attack thousands of networks.
Last month, Microsoft discovered a new China state-sponsored hacking group called Hafnium. This group targeted Exchange servers run on company networks. Chained together, the four vulnerabilities allowed Hafnium to break into a vulnerable Exchange server and steal its contents.
The tech giant fixed the vulnerabilities, but the patches did not remove the backdoors from servers that had already been breached. Within days, other hacking groups began using the same method to deploy ransomware. The number of infected servers is believed to have declined as patches were applied.
However, hundreds of thousands of servers remained vulnerable because, according to the Justice Department, backdoors are not easy to deal with: they are difficult to find and eliminate. The operation allowed authorities to remove the remaining web shells of one early hacking group.
The agency carried out the removal by issuing a command to each server through the web shell itself. Authorities are attempting to notify, by email, the owners of the servers from which the backdoors were removed. The operation demonstrated the FBI's commitment to disrupting hacking activity using all legal tools at its disposal.
Microsoft, hackers, and FBI
According to the information released by the Justice Department, the operation only removed the backdoors. It did not patch the vulnerabilities the hackers exploited in the first place, nor did it remove any other malware left behind.
This is most likely the first known case of the FBI cleaning up private networks following a cyberattack. Several years ago, the Supreme Court moved to allow U.S. judges to grant search and seizure warrants outside their own district.
The Supreme Court's decision played an important role, as it enabled the FBI to remove backdoors from hacked Microsoft servers. The U.S. is not the first country to take such a step against cyberattacks. In 2019, the French police hijacked and neutralized a massive cryptocurrency mining botnet. The purpose of that operation was to take control of the botnet's server and to disinfect the affected computers. At the time, the botnet was one of the largest networks of hijacked computers in the world.
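The two points above matter to anyone who runs an Exchange server: applying Microsoft's patches closes the entry point but does not remove a web shell that was dropped before patching, and a web shell is hard to spot because it is just another ASP.NET page in the web root. The following script is an added example, not the FBI's tooling, Microsoft's guidance, or anything from the article. It walks a directory of web content, flags ASP.NET pages that combine several markers typically found in web shells (reading a request parameter, launching a process, evaluating code dynamically, writing files), and reports how recently each flagged file was modified. The marker list, the extensions scanned, and the sample files it builds in a temporary directory are all assumptions made for the demonstration; the "suspicious" sample is a comment containing the marker strings and does nothing if served.

```python
"""Heuristic scan for leftover ASP.NET web shells under a web root.

Added example for illustration only. Markers and sample files are constructed
assumptions, not an official signature set.
"""
import os
import re
import tempfile
import time
from dataclasses import dataclass

# File types ASP.NET will execute (assumption: a reasonable default set).
WEB_EXTENSIONS = {".aspx", ".ashx", ".asmx"}

# Illustrative markers. A real deployment would use vendor-published IoCs.
SUSPICIOUS_PATTERNS = {
    "request_param": re.compile(r"Request(\s*\[|\.(Form|QueryString|Item|Params))", re.I),
    "process_exec": re.compile(r"Process\.Start|cmd\.exe|powershell", re.I),
    "dynamic_eval": re.compile(r"\beval\s*\(|JScript\.Eval|\bExecute\s*\(", re.I),
    "file_write": re.compile(r"File\.WriteAllText|SaveAs\s*\(", re.I),
}


@dataclass
class Finding:
    path: str
    markers: list        # names of SUSPICIOUS_PATTERNS that matched
    age_days: float      # days since last modification


def scan_file(path, now=None):
    """Return a Finding for one file (possibly with no markers), or None if unreadable."""
    now = time.time() if now is None else now
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return None
    markers = [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(text)]
    age_days = (now - os.path.getmtime(path)) / 86400
    return Finding(path, markers, age_days)


def scan_directory(root, min_markers=2):
    """Walk root and return findings with at least min_markers hits, newest first.

    Requiring two independent markers keeps ordinary form-handling pages
    (which read Request parameters but never spawn processes) out of the report.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            finding = scan_file(os.path.join(dirpath, name))
            if finding is not None and len(finding.markers) >= min_markers:
                findings.append(finding)
    return sorted(findings, key=lambda f: f.age_days)


def build_sample_tree(base):
    """Write constructed sample pages under base; return (benign_path, suspicious_path)."""
    auth_dir = os.path.join(base, "owa", "auth")
    os.makedirs(auth_dir, exist_ok=True)
    benign = os.path.join(auth_dir, "logon.aspx")
    with open(benign, "w", encoding="utf-8") as fh:
        # Reads a request parameter only: one marker, below the threshold.
        fh.write('<%@ Page Language="C#" %><% var u = Request["username"]; %>'
                 '<html><body>Please sign in.</body></html>')
    suspicious = os.path.join(auth_dir, "error_page.aspx")
    with open(suspicious, "w", encoding="utf-8") as fh:
        # Constructed marker sample inside a comment; it executes nothing.
        fh.write('<% /* sample: Request["p"] Process.Start("cmd.exe") eval( */ %>')
    with open(os.path.join(base, "notes.txt"), "w", encoding="utf-8") as fh:
        fh.write("cmd.exe eval( Request[ -- not a web extension, must be skipped")
    return benign, suspicious


def demo():
    """Build the sample tree in a temp dir, scan it, and return the pieces for inspection."""
    base = tempfile.mkdtemp(prefix="webroot-")
    benign, suspicious = build_sample_tree(base)
    return benign, suspicious, scan_directory(base)


if __name__ == "__main__":
    _benign, _suspicious, results = demo()
    for f in results:
        print(f"{f.path}: markers={f.markers} modified {f.age_days:.2f} days ago")
```

Run it as-is to see the constructed example, or call `scan_directory()` on a real web root; because only files with at least two markers are reported, a flagged page is a candidate for review rather than a verdict, and anything confirmed should be handled alongside patching, since removing the shell alone leaves the original vulnerability open, exactly as the Justice Department noted.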