FBI Accessing Private Servers to Subvert Cyberattacks
WASHINGTON — In a covert operation to undercut hacking groups’ attempts to exploit vulnerabilities in Microsoft’s Exchange email program, the FBI has begun accessing hundreds of vulnerable computers in the United States to remove malicious web shells.
Web shells, interfaces that grant control over a web server by implementing arbitrary code executions, can be uploaded to servers to enable remote access to hackers. From January to February 2021, hackers began exploiting previously unknown vulnerabilities in Microsoft Exchange Server software to access e-mail accounts and place web shells.
“The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell [identified by its unique file path],” officials from the Department of Justice said in a written statement.
The hacking of Microsoft’s software is believed to have been carried out by a team from the Russian Foreign Intelligence Service to gain a backdoor into SolarWinds programs, TWN previously reported.
Top cybersecurity experts sounded alarm bells once news of the hacking broke, likely prompting the court-authorized FBI operation to delete the harmful code. In retaliation to the hack, the White House expelled 10 Russian diplomats from the country, although cybersecurity experts have signaled the need to ramp up the industry workforce and educational pipeline to prevent future cyberattacks.
“This operation is an example of the FBI’s commitment to combating cyber threats through our enduring federal and private sector partnerships,” Tonya Ugoretz, acting assistant director of the FBI’s Cyber Division, said in a written statement. “Our successful action should serve as a reminder to malicious cyber actors that we will impose risk and consequences for cyber intrusions that threaten the national security and public safety of the American people and our international partners. The FBI will continue to use all tools available to us as the lead domestic law enforcement and intelligence agency to hold malicious cyber actors accountable for their actions.”
Because of the swift and clandestine nature of the operation, the owners of affected Microsoft Exchange servers could be left unaware of the FBI’s actions on their networks. In the Justice Department’s release announcing the operation, the agency said the FBI is “attempting to provide notice” to the owners or operators of the computers.
Although the FBI’s operation succeeded in eliminating malicious web shells, it did not patch any Microsoft Exchange Server vulnerabilities or search for additional malware or hacking tools left behind by cyberattacks. The Justice Department strongly encourages network defenders to review Microsoft’s remediation guidance on detection and patching, the agency said in a release.
“Combating cyber threats requires partnerships with private sector and government colleagues,” Acting U.S. Attorney Jennifer Lowery of the Southern District of Texas said in a written statement. “This court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers shows our commitment to use any viable resource to fight cyber criminals. We will continue to do so in coordination with our partners and with the court to combat the threat until it is alleviated, and we can further protect our citizens from these malicious cyber breaches.”
In The News
WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms,... Read More
WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms, introducing a number of bills and even publishing a book titled “Antitrust” that looks at the history of policy toward trusts and monopolies and details how... Read More
WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving... Read More
WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving cyber threats from bad actors overseas, a former assistant secretary of defense said Friday. Speaking at an American Enterprise Institute event, Paul Stockton, who is now... Read More
GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors... Read More
GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors should have known of, and yet did nothing to mitigate, the risk of the massive data breach that took place in 2020. The plaintiffs, led by... Read More
WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional... Read More
WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional panel Tuesday that more government intervention is needed. On Monday, Microsoft announced that Russia-backed hackers were trying to steal information technology to disrupt the global supply... Read More
WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls... Read More
WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls over cybersecurity items such as cyber intrusion software that can be used maliciously. The department’s new policy also creates a new license exception for authorized cybersecurity... Read More
WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing... Read More
WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday. “The best hack is the one that doesn’t happen,” King said... Read More