The Federal Bureau of Investigation (FBI) executed a court-authorized operation to remove malicious web shells and kick out hackers from hundreds of vulnerable computers in the United States.
Malicious web shells are pieces of code or scripts (malware) uploaded by a hacker to a compromised server to gain remote access or administration.
According to the Department of Justice (DOJ), certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software from January to February this year to access email accounts. They placed web shells on the server for continued access.
On March 2, various other hacking groups followed suit after Microsoft disclosed that a Chinese hacking group known as HAFNIUM had carried out “limited and targeted attacks” against the on-premises versions of Microsoft Exchange Server.
Microsoft also released patches for the exploited vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 in Microsoft Exchange Server.
On Tuesday, the DOJ stated that many owners of infected systems successfully removed the web shells from thousands of computers. However, others failed to do so.
The FBI conducted its operation to delete the remaining web shells used by HAFNIUM to maintain persistent unauthorized access to U.S. computer networks.
In a statement, the DOJ’s National Security Division Assistant Attorney General John C. Demers commented, “Combined with the private sector’s and other government agencies’ efforts to date, including the release of detection tools and patches, we are together showing the strength that public-private partnership brings to our country’s cybersecurity. There’s no doubt that more work remains to be done, but let there also be no doubt that the Department is committed to playing its integral and necessary role in such efforts.”
Separately, Acting Assistant Director of the FBI’s Cyber Division Tonya Ugoretz said the bureau is committed to “combatting cyber threats through our enduring federal and private sector partnerships.”
Ugoretz also warned that the FBI will use all available tools to “hold malicious cyber actors accountable for their actions” that threaten the national security and safety of Americans.