The FBI is accessing computers across the United States, without informing their owners, to stop the Hafnium group from exploiting Microsoft Exchange Server vulnerabilities.
Microsoft Exchange Server is the email platform used by companies and businesses around the globe. Since the software was found to be vulnerable, the FBI is accessing computers in the country to "copy and remove malicious web shells."
FBI Receives Permission from DoJ to Access Computers
The Department of Justice (DoJ) has granted the FBI permission to access hundreds of computers across the U.S. that are still running unpatched versions of the Microsoft Exchange Server software. The FBI will now remove web shells left behind by the Hafnium hacking group, which had penetrated these systems earlier.
This is an unprecedented step: it shows that, when facing hacking operations of this scale, law enforcement will step in and take control of the situation even without the owners' consent.
In this case, users who have not patched their systems, or are unwilling to, will not be informed; the FBI will do the job on their behalf.
The announcement read:
“The Justice Department today announced a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers in the United States running on-premises versions of Microsoft Exchange Server software used to provide enterprise-level email service.”
The impacted servers are located in at least five U.S. judicial districts, including the District of Massachusetts, Southern District of Texas, Northern District of Virginia, and Northern District of Illinois.
A unique response to thwart an ongoing hacking campaign?
This action from the DoJ appears to be a reaction to a large-scale hacking campaign that has recently been leveraging MS Exchange Server vulnerabilities. Many hacking groups are trying to exploit the security flaws identified in MS Exchange to steal sensitive data, such as victims' emails, or to drop DearCry ransomware.
In fact, a Chinese hacking group known as Hafnium is believed to be the most active of these, having already infiltrated tens of thousands of Exchange servers.
The FBI has removed one of the hacking groups' remaining web shells, which could have been used to "maintain and escalate persistent, unauthorized access to U.S. networks," the DoJ claimed in the announcement.
The department stated that by removing the web shells, the bureau would prevent cybercriminals from using them to install additional malware.
The FBI will itself access the servers, using passwords and other data, to protect computers infected by Hafnium.