The FBI was given court approval to protect hundreds of vulnerable computers in the U.S. from hackers by copying and removing web shells that provided backdoor access to Microsoft Exchange Server software.
The Texas-approved operation was made public on April 13, after hackers used such tactics to attack thousands of networks worldwide between January and February, said the court statement.
Per Microsoft, the hackers that are believed to belong to a hacking group called Hafnium used multiple zero-day vulnerabilities in Microsoft Exchange Server software to gain access to email accounts and placed web shells that provided backdoor access so they, and other hackers, could keep accessing the information.
Backdoor attacks and web shells
To provide a minor detail, backdoor attacks negate normal authentication processes to access a system. They enable hackers to gain remote access, issuing commands remotely, and updating malware whenever they want.
This type of hacking attack has been seen in several instances; for example, in the U.S., hackers remotely accessed a water treatment plant to poison Florida residents’ drinking water.
Any hacker can access the available information by leaving backdoors, which is precisely what happened earlier this year with the Microsoft Exchange Server software. Unfortunately, many of the web shells from the attack remained in place, which is why the FBI stepped in to try and close the matter once and for all.
The operation has been called “successful,” as it removed and copied those web shells. However, the report explains that the process did not patch the zero-day vulnerabilities or look for any other hacking tools that might have been placed by the original hackers or any other hackers who gained access to the malware.
“The FBI will continue to use all tools available to us as the lead domestic law enforcement and intelligence agency to hold malicious cyber actors accountable for their actions,” said Acting Assistant Director Tonya Ugoretz of the FBI’s Cyber Division in the statement.