FBI hacks into hundreds of infected US servers (and disinfects them)
Security News, April 2021

As we explained in a recent Serious Security article on Naked Security, a crook who can upload a file into a Windows server directory where web data is stored doesn't merely get a chance to pollute your web server with fake content, as bad as that would be on its own.
Despite several weeks of urgent warnings, not least from Naked Security, there are still plenty of unpatched servers out there just waiting to get pwned.
The Feds went to court for a warrant that authorised them to "exploit" the webshells visible on unpatched servers.
The FBI conducted the removal by issuing a command through the webshell to the server, which was designed to cause the server to delete only the webshell.
Even if you consider yourself to be a "full cloud" organisation these days, you may still have legacy servers on your own network that you've forgotten about.
If you're infected, don't wait for someone else to run the webshell for you, because it's probably not going to be the FBI telling your server to disinfect itself.
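The practical counterpart of that last point is to go looking for webshells yourself. The script below is an added example (not code from the article, from Naked Security, or from the FBI operation it describes): it walks a web content directory, picks out server-side script files, and flags any that were written after a known-good baseline or that feed request-supplied input into an evaluator or a process launcher. The directory layout, the indicator patterns and the planted sample file are all constructed for the demonstration and would need tuning to your own stack.

```python
"""Hunt for likely webshell files under a web content directory.

Added example, not from the article or the operation it reports on.
Assumptions: server-side scripts live under a web root; a script file that
(a) was written after a known-good baseline time or (b) evaluates or executes
request-supplied input deserves a human look.
"""
import os
import re
import tempfile
import time
from pathlib import Path
from typing import List, Optional, Tuple

# Extensions an IIS/ASP.NET-style host (or similar) will execute as code.
SCRIPT_EXTS = {".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp"}

# Constructed content indicators (assumption): request data flowing into an
# evaluator or a process launcher. Tune these to what your stack legitimately uses.
INDICATORS = {
    "eval-of-request": re.compile(rb"eval\s*\(\s*Request", re.I),
    "process-start": re.compile(rb"Process\.Start|cmd\.exe|/bin/sh", re.I),
    "dynamic-execute": re.compile(rb"\bExecute\s*\(|\bassert\s*\(\s*\$_", re.I),
}


def inspect_file(path: Path, baseline: float) -> Optional[dict]:
    """Return a finding for one file, or None if nothing about it is suspicious."""
    reasons = []
    st = path.stat()
    if st.st_mtime > baseline:
        reasons.append("modified-after-baseline")
    data = path.read_bytes()
    for name, rx in INDICATORS.items():
        if rx.search(data):
            reasons.append(name)
    if not reasons:
        return None
    return {"path": str(path), "size": st.st_size, "mtime": st.st_mtime, "reasons": reasons}


def hunt(web_root: str, baseline: float) -> List[dict]:
    """Walk web_root and collect findings for executable script files."""
    findings = []
    for p in Path(web_root).rglob("*"):
        if p.is_file() and p.suffix.lower() in SCRIPT_EXTS:
            finding = inspect_file(p, baseline)
            if finding:
                findings.append(finding)
    # Files with several reasons (new AND suspicious content) come first; a shell
    # dropped after the server was compromised typically shows both.
    findings.sort(key=lambda f: (-len(f["reasons"]), f["path"]))
    return findings


def build_sample_tree() -> Tuple[str, float]:
    """Create a constructed web root: one benign page, one planted sample shell."""
    root = tempfile.mkdtemp(prefix="webroot-")
    baseline = time.time() - 7 * 86400  # "known good" snapshot taken a week ago
    app = Path(root) / "wwwroot" / "app"
    app.mkdir(parents=True)
    benign = app / "logon.aspx"
    benign.write_bytes(b'<%@ Page Language="C#" %><html>login form</html>')
    old = baseline - 86400
    os.utime(benign, (old, old))  # predates the baseline, so it is not flagged
    planted = app / "help.aspx"   # constructed sample of request-driven eval
    planted.write_bytes(b'<%@ Page Language="JScript" %><% eval(Request["x"]); %>')
    return root, baseline


if __name__ == "__main__":
    root, baseline = build_sample_tree()
    for f in hunt(root, baseline):
        print(f["path"], f["reasons"])
```

Run it against a real web root with a baseline taken from your last known-good deployment and treat every hit as something to examine, not something to delete blindly: the indicator list is deliberately narrow, so a clean run is evidence, not proof.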
Related news
- China-Linked Cyber Threat Group Hacks US Treasury Department
- CISA says recent government hack limited to US Treasury
- US Treasury hack linked to Silk Typhoon Chinese state hackers
- FBI wipes Chinese PlugX malware from over 4,000 US computers
- FBI deletes Chinese PlugX malware from thousands of US computers
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)
- Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from