Posted in Privacy and Security on April 16, 2021

FBI cleans up infected Exchange servers

Posted By Kerry.Hershey

The feds removed web shells that provided backdoor access to cybercriminals in a recent exploit of Microsoft Exchange.

Federal authorities in the U.S. have swooped in to eliminate malicious backdoor code planted by attackers on vulnerable Microsoft Exchange servers across the country. In a news release published Tuesday, the U.S. Department of Justice announced the court-authorized effort to copy and remove web shells that had been installed on on-premises versions of Microsoft Exchange Server software. Web shells are malicious pieces of code that give attackers continuous remote administrative access to a compromised system.

In March, Microsoft and other companies revealed a series of cyberattacks from Chinese hackers and other groups in which they exploited several zero-day flaws in Exchange Server to access sensitive email accounts. The attacks initially surfaced in January but have continued as affected organizations have scrambled to patch the vulnerabilities.

Many Exchange users were able to get rid of the web shells themselves, according to the DOJ. But others were unable to do so, prompting the feds to step in. This latest effort eliminated the remaining web shells of one specific hacking group, which would have given it persistent access to Exchange servers in the U.S. had they remained.

The FBI pulled off the operation by sending a command through each web shell that made the server delete only the web shell itself. Each web shell had a unique name and file location, which likely made removal harder for administrators accustomed to looking for generic, well-known web shell files.

“First, this is a strong indicator of the extent to which these vulnerabilities have been leveraged for nefarious ends, and the risk that the FBI perceives to be present,” said Tim Wade, technical director for the CTO team at Vectra. “Second, this likely also exposes the challenges that individual organizations have in the detection, response and remediation phases of an attack—at least a subset of those targeted for action by the FBI are likely to have patched but been insufficiently equipped to fully eradicate the adversary’s foothold.”

Though the FBI successfully killed off the remaining web shells, it didn’t remove any other malware or hacking components that the attackers may have installed. As such, organizations still need to take specific steps to fully mitigate the threat. Those with in-house Exchange servers are urged to follow Microsoft’s guidance on the exploits and apply the necessary patches for the zero-day vulnerabilities.
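The two points above, that each web shell carried a unique name and location and that the FBI operation left any other attacker-installed components in place, mean a defender cannot rely on matching known web shell filenames; what is on disk has to be compared against a known-good reference. The script below is an added example, not code from the article or from the FBI operation it describes. It diffs the server-side script files in a web root against a SHA-256 baseline taken from a clean reference install at the same patch level, flagging files that are new, files whose content changed, and script files dropped into directories that contain no scripts in the baseline. The paths, file contents and the baseline tree are all constructed for the example; on a real server the baseline would be generated from a clean install and the current tree walked from disk.

```python
"""Baseline-diff hunt for unexpected server-side script files.

Added example (not from the article).  All paths, contents and the
"clean" baseline below are constructed for illustration.
"""

import hashlib
from typing import Dict, List

# Extensions treated as server-side scripts.  Constructed list; extend for your stack.
SCRIPT_SUFFIXES = (".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp")


def sha256(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(tree: Dict[str, bytes]) -> Dict[str, str]:
    """Map relative path -> SHA-256 for a clean reference tree (every file, not only scripts)."""
    return {path: sha256(content) for path, content in tree.items()}


def is_script(path: str) -> bool:
    return path.lower().endswith(SCRIPT_SUFFIXES)


def parent_dir(path: str) -> str:
    return path.rsplit("/", 1)[0] if "/" in path else ""


def hunt(current: Dict[str, bytes], baseline: Dict[str, str]) -> List[dict]:
    """Return one finding per suspicious script file in `current`.

    A script is reported when it is absent from the baseline, when its hash
    differs from the baseline (a legitimate page that was modified), or when
    it sits in a directory that holds no scripts at all in the baseline
    (a common sign of a dropped file, whatever its name).
    """
    script_dirs = {parent_dir(p) for p in baseline if is_script(p)}
    findings = []
    for path in sorted(current):
        if not is_script(path):
            continue
        digest = sha256(current[path])
        reasons = []
        if path not in baseline:
            reasons.append("not in baseline")
        elif baseline[path] != digest:
            reasons.append("hash differs from baseline")
        if parent_dir(path) not in script_dirs:
            reasons.append("script in a directory that holds no scripts in the baseline")
        if reasons:
            findings.append({"path": path, "sha256": digest, "reasons": reasons})
    return findings


# Constructed clean reference tree: a few legitimate pages plus a static asset.
BASELINE_TREE: Dict[str, bytes] = {
    "web/auth/logon.aspx": b'<%@ Page Language="C#" %> <!-- constructed legitimate page -->',
    "web/auth/errorfe.aspx": b'<%@ Page Language="C#" %> <!-- constructed legitimate page -->',
    "web/admin/default.aspx": b'<%@ Page Language="C#" %> <!-- constructed legitimate page -->',
    "web/static/img/logo.png": b"\x89PNG\r\n\x1a\n constructed image bytes",
}

# Constructed "current" tree: one legitimate page modified, two unexpected scripts added.
CURRENT_TREE: Dict[str, bytes] = dict(BASELINE_TREE)
CURRENT_TREE["web/auth/errorfe.aspx"] = b'<%@ Page Language="C#" %> <!-- constructed: content changed -->'
CURRENT_TREE["web/auth/help.aspx"] = b'<%@ Page Language="C#" %> <!-- constructed: new file, script dir -->'
CURRENT_TREE["web/static/img/aQx7.aspx"] = b'<%@ Page Language="C#" %> <!-- constructed: new file, non-script dir -->'


def run_example() -> List[dict]:
    """Diff the constructed current tree against the constructed baseline."""
    return hunt(CURRENT_TREE, build_baseline(BASELINE_TREE))


if __name__ == "__main__":
    for finding in run_example():
        print(f'{finding["path"]}  sha256={finding["sha256"][:12]}...  {"; ".join(finding["reasons"])}')
```

The baseline is only as good as its reference: rebuild it from a clean install after every patch, because vendor updates legitimately change page hashes and a stale baseline will bury real findings under noise. The directory heuristic is deliberately name-agnostic, which is the point raised above: a shell with a randomly chosen filename still stands out when it appears somewhere no script belongs.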

The FBI said it’s notifying Exchange users of the operation by directly emailing them through publicly available contact information. For users whose contact info is not publicly accessible, the agency will email the details to the organization’s ISP to pass along to the victim.

“The speed with which the FBI conducts the victim notification is critical,” said Rick Holland, CISO and VP of strategy at Digital Shadows. “The FBI notification process itself provides actors an opportunity to target new victims. Bad actors can set up a phishing lure that purports to be from a legitimate FBI address to social engineer their targets.”

Plus, the FBI’s effort doesn’t end the threat.

“The FBI only removed the web shells, not the software vulnerabilities themselves,” Holland said. “Chinese actors will no doubt have already set up additional ways to maintain persistence in their victim networks. We will see a ‘gold rush’ of other malicious actors seeking to reinfect the unpatched Exchange servers.”
