FBI Uses Hacker Tactics To Get Hackers Out of Microsoft Exchange Servers

The Texas court-authorized operation removes backdoors from hacked computers.
Fabienne Lang

The FBI was given court approval to protect hundreds of vulnerable computers in the U.S. from hackers by copying and removing web shells that provided backdoor access to Microsoft Exchange Server software. 

The Texas-approved operation was made public on April 13, after hackers used such tactics to attack thousands of networks worldwide between January and February, said the court statement.

Per Microsoft, the hackers, that are believed to belong to a hacking group called Hafnium, used multiple zero-day vulnerabilities in Microsoft Exchange Server software to gain access to email accounts and placed web shells that provided backdoor access so they, and other hackers, could keep accessing the information. 

Backdoor attacks and web shells

To provide a little detail, backdoor attacks negate regular authentication processes in order to access a system. They enable hackers to gain remote access, issuing commands remotely, and updating malware whenever they want.

This type of hacking attack has been seen in a number of instances, for example in the U.S., hackers remotely accessed a water treatment plant to poison the drinking water of Florida residents.

By leaving backdoors, any hacker can access the available information, which is precisely what happened earlier this year with the Microsoft Exchange Server software. Unfortunately, many of the web shells from the attack remained in place, which is why the FBI stepped in to try and close the matter once and for all. 

Most Popular

The operation has been called "successful," as it removed and copied those web shells. However, the report explains that the operation did not patch the zero-day vulnerabilities, or look for any other hacking tools that might have been placed by the original hackers, or any other hackers who gained access to the malware. 

"The FBI will continue to use all tools available to us as the lead domestic law enforcement and intelligence agency to hold malicious cyber actors accountable for their actions," said Acting Assistant Director Tonya Ugoretz of the FBI’s Cyber Division in the statement.

message circleSHOW COMMENT (1)chevron