April 26, 2024

FBI has launched a mega operation to remove malicious web shells from hundreds of vulnerable computers in the US that were running on-premises versions of Microsoft Exchange Server software used to provide enterprise-level email service.

A court in Houston has authorised an FBI operation to “copy and remove” backdoors from hundreds of Microsoft Exchange email servers that have been compromised by nation-state hackers, including from China (Hafnium).

Web shells are pieces of code or scripts that enable remote administration.Other hacking groups followed suit starting in early March after the vulnerability and patch were publicised.

Many infected system owners successfully removed the web shells from thousands of computers. Others appeared unable to do so, and hundreds of such web shells persisted unmitigated.

The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell.

Earlier last month Microsoft and other industry partners released detection tools, patches and other information to assist victim entities in identifying and mitigating the cyber incident.

Despite these efforts, by the end of March, hundreds of web shells remained on certain US-based computers running Microsoft Exchange Server software.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

GitLab April 2024 Security Advisory – CVE-2024-2434

April 26, 2024

CISA KEV Update April 2024 – Part II

April 25, 2024

ArcaneDoor Exploits Cisco ASA and FTD

April 25, 2024

Google Fixes Critical Vulnerability in Chrome -CVE-2024-4058

April 24, 2024

Red Ransomware Victimized Targus

April 23, 2024

Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111

April 22, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading