FBI cleans up infected Exchange servers
2021-04-14 15:18

Federal authorities in the U.S. have swooped in to eliminate malicious backdoor code planted by attackers on vulnerable Microsoft Exchange servers across the country.

This latest effort eliminated the remaining web shells of one specific hacking group, which would have given it persistent access to Exchange servers in the U.S. had they remained.

The FBI pulled off the operation by sending a command through each web shell that forced the server to delete only the web shell itself.

The FBI said it's notifying Exchange users of the operation by emailing them directly, using publicly available contact information.

"The FBI notification process itself provides actors an opportunity to target new victims. Bad actors can set up a phishing lure that purports to be from a legitimate FBI address to social engineer their targets."

"Chinese actors will no doubt have already set up additional ways to maintain persistence in their victim networks. We will see a 'gold rush' of other malicious actors seeking to reinfect the unpatched Exchange servers."


News URL

https://www.techrepublic.com/article/fbi-cleans-up-infected-exchange-servers/#ftag=RSS56d97e7