
FBI Accessing Private Servers to Subvert Cyberattacks

April 30, 2021 by Reece Nations
The J. Edgar Hoover FBI Building in Washington, D.C. (Photo by Dan McCue)

WASHINGTON — In a covert operation to undercut hacking groups’ attempts to exploit vulnerabilities in Microsoft’s Exchange email program, the FBI has begun accessing hundreds of vulnerable computers in the United States to remove malicious web shells. 

Web shells, interfaces that grant control over a web server by allowing arbitrary code execution, can be uploaded to servers to give hackers remote access. In January and February 2021, hackers exploited previously unknown vulnerabilities in Microsoft Exchange Server software to access email accounts and place web shells.

“The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell [identified by its unique file path],” officials from the Department of Justice said in a written statement. 

The hacking of Microsoft’s software is believed to have been carried out by a team from the Russian Foreign Intelligence Service to gain a backdoor into SolarWinds programs, TWN previously reported.



Top cybersecurity experts sounded alarm bells once news of the hacking broke, likely prompting the court-authorized FBI operation to delete the harmful code. In retaliation for the hack, the White House expelled 10 Russian diplomats from the country, although cybersecurity experts have signaled the need to ramp up the industry workforce and educational pipeline to prevent future cyberattacks.

“This operation is an example of the FBI’s commitment to combating cyber threats through our enduring federal and private sector partnerships,” Tonya Ugoretz, acting assistant director of the FBI’s Cyber Division, said in a written statement. “Our successful action should serve as a reminder to malicious cyber actors that we will impose risk and consequences for cyber intrusions that threaten the national security and public safety of the American people and our international partners. The FBI will continue to use all tools available to us as the lead domestic law enforcement and intelligence agency to hold malicious cyber actors accountable for their actions.” 

Because of the swift and clandestine nature of the operation, the owners of affected Microsoft Exchange servers could be left unaware of the FBI’s actions on their networks. In the Justice Department’s release announcing the operation, the agency said the FBI is “attempting to provide notice” to the owners or operators of the computers. 


Although the FBI’s operation succeeded in eliminating malicious web shells, it did not patch any Microsoft Exchange Server vulnerabilities or search for additional malware or hacking tools left behind by cyberattacks. The Justice Department strongly encourages network defenders to review Microsoft’s remediation guidance on detection and patching, the agency said in a release. 

“Combating cyber threats requires partnerships with private sector and government colleagues,” Acting U.S. Attorney Jennifer Lowery of the Southern District of Texas said in a written statement. “This court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers shows our commitment to use any viable resource to fight cyber criminals. We will continue to do so in coordination with our partners and with the court to combat the threat until it is alleviated, and we can further protect our citizens from these malicious cyber breaches.” 
