A press release: an FBI operation was launched on Monday to try to stop attacks by the “Hafnium” group and others on Microsoft Exchange servers. While patches and mitigations have solved this problem for many, there are still many servers that allow attackers to install web shells to maintain their remote access. The FBI says some of these shells can be difficult for administrators to identify and remove on their own.
The FBI specifically targeted Hafnium’s shells (as detailed in court filings), identifying them on servers in the United States, accessing them remotely using the attackers’ own passwords, and executing a command that deleted them, thwarting the group’s plan. The search warrant the FBI requested allows it to carry out this operation and to delay notifying server administrators: it is permitted to operate for up to 14 days, until April 9, and approved to delay notification for 30 days.
According to the Justice Department, “These operations were successful in copying and removing those web shells. However, it did not patch the zero-day vulnerabilities of Microsoft Exchange Server or search for or remove any additional malware or hacking tools installed by hacking groups on damaged networks.”
Now the FBI says it is emailing server owners and is “trying to give court-approved operation notices to all owners or operators of computers from which it removed the hacking group’s web shells.” This is not the first time the FBI has taken action on privately owned servers after they were attacked: Wired reporter Kim Zetter points to how it dealt with the Coreflood botnet in 2011, also under a court order, by sending a command to shut it down on infected machines. The Justice Department and Microsoft have not commented publicly on the operation.