Not updating your Microsoft Exchange email servers? The FBI will do it for you.
The U.S. DOJ announced that a Houston court has authorised the FBI to access hundreds of computers across the U.S. to “copy and remove” backdoors from hundreds of Microsoft Exchange email servers, after hackers exploited four zero-day vulnerabilities to attack the email servers of tens of thousands of businesses and local governments.
Microsoft released patches to fix the previously undiscovered vulnerabilities, and the number of infected servers dropped significantly. However, even when applied, the patches did not close the backdoors on Microsoft Exchange Servers (MES) that had already been breached.
According to the Department of Justice announcement:
“The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path). The operation only removed the backdoors but did not patch the vulnerabilities initially exploited by cyber attackers or remove any malware left behind.”
This is the first known case of the FBI effectively cleaning up private networks following a cyberattack. But the whole operation also raises concerns about the FBI’s jurisdiction when dealing with cyberattacks against the U.S.