FBI executes an operation to remove web shells, expel hackers from U.S. computers  

The Federal Bureau of Investigation (FBI) executed a court-authorized operation to remove malicious web shells and kick out hackers from hundreds of vulnerable computers in the United States.  

Malicious web shells are pieces of code or scripts (malware) uploaded by a hacker to a compromised server to gain remote access or administration.  

According to the Department of Justice (DOJ), certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software from January to February this year to access email accounts. They placed web shells on the server for continued access.  

On March 2, various other hacking groups followed suit after Microsoft disclosed that a Chinese hacking group known as HAFNIUM had carried out “limited and targeted attacks” against the on-premises versions of Microsoft Exchange Server.  

Microsoft also released patches for the exploited vulnerabilities in Microsoft Exchange Server: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.  

On Tuesday, the DOJ stated that many owners of infected systems successfully removed the web shells from thousands of computers. However, others failed to do so.