The Department of Justice announced on Tuesday, April 13, 2021, that it had given the Federal Bureau of Investigation (FBI) access to computers in the United States. The ruling comes as these systems have reportedly been running compromised versions of Microsoft Exchange.
According to TechCrunch, these Microsoft Exchange servers had previously been used by hackers and other threat actors. Following the authorization granted to the FBI by a Texas court, the agency reportedly removed the web shells that hackers had left on the systems months after the breach first occurred, an operation the Justice Department deemed a success.
In a statement, FBI Acting Assistant Director Tonya Ugoretz said, “This operation is an example of the FBI’s commitment to combatting cyber threats through our enduring federal and private sector partnerships.”
“Our successful action should serve as a reminder to malicious cyber actors that we will impose risk and consequences for cyber intrusions that threaten the national security and public safety of the American people and our international partners. The FBI will continue to use all tools available to us as the lead domestic law enforcement and intelligence agency to hold malicious cyber actors accountable for their actions,” continued Ugoretz.
The hacking campaign, which took advantage of vulnerable Microsoft Exchange servers, took place earlier this year; The Verge reports that the hack affected thousands of customers around the globe.
TechCrunch said that earlier in March, Hafnium, a new state-backed hacking group from China, had targeted a number of Microsoft Exchange servers by exploiting four vulnerabilities in the software.
While the tech giant reportedly issued a fix for the four vulnerabilities in question, TechCrunch states that the fix did not address the web shells left behind on servers from the initial attacks. This paved the way for other attackers to exploit the servers with ransomware, the news site notes.
To address this, the Federal Bureau of Investigation used those same vulnerabilities to remove the web shells (backdoors) the hackers had left behind. While the operation was successful, the document released by the Justice Department clarified that the FBI did not patch the vulnerabilities themselves.
According to the document released by the Department of Justice, “The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path).”
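The defender-side counterpart of that removal step, as an added example that is not part of the original article or of any FBI or Microsoft tooling: compare the script files under a live web root against a known-good baseline, flag anything absent from the baseline or altered (each identified by its unique relative path), and quarantine it rather than delete it so the file survives for forensics. The directory layout, file names and contents are constructed stand-ins, not real Exchange paths.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

WEB_EXTS = {".aspx", ".ashx", ".asmx"}  # server-side script types a web shell is typically dropped as

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(known_good_root: Path) -> dict:
    """Map relative path -> SHA-256 for every script file in a trusted, clean install."""
    return {p.relative_to(known_good_root).as_posix(): sha256_file(p)
            for p in known_good_root.rglob("*")
            if p.is_file() and p.suffix.lower() in WEB_EXTS}

def find_unexpected(root: Path, baseline: dict) -> list:
    """Return relative paths of script files missing from the baseline or whose hash changed."""
    hits = []
    for p in sorted(root.rglob("*")):
        if not (p.is_file() and p.suffix.lower() in WEB_EXTS):
            continue
        rel = p.relative_to(root).as_posix()
        if baseline.get(rel) != sha256_file(p):
            hits.append(rel)
    return hits

def quarantine(root: Path, rel_paths: list, qdir: Path) -> list:
    """Move each flagged file, addressed by its unique path, into qdir instead of deleting it."""
    moved = []
    for rel in rel_paths:
        dest = qdir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(root / rel), str(dest))
        moved.append(dest.relative_to(qdir).as_posix())
    return moved

def demo() -> tuple:
    """Constructed scenario: a clean install next to a live web root holding one extra file."""
    base = Path(tempfile.mkdtemp())
    good, live, qdir = base / "good", base / "live", base / "quarantine"
    for r in (good, live):
        (r / "auth").mkdir(parents=True)
        (r / "auth" / "logon.aspx").write_bytes(b"<%@ Page %>login")  # identical in both trees
    (live / "auth" / "extra.aspx").write_bytes(b"<!-- constructed stand-in for a dropped file -->")
    baseline = build_baseline(good)
    flagged = find_unexpected(live, baseline)            # ['auth/extra.aspx']
    moved = quarantine(live, flagged, qdir)
    remaining = find_unexpected(live, baseline)          # [] once the file is gone
    return flagged, moved, remaining
```

Hash comparison also catches a legitimate page that was modified in place, which a name-only check would miss.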
Following the operation, the FBI is still in the process of notifying all affected users about it.