The federal district court for the Southern District of Texas has allowed the FBI to connect to hundreds of servers in the United States to address the aftermath of a hacker attack on Microsoft Exchange Server software, the country's Justice Department said. To do this, the FBI had to delete the file on the web server responsible for the remote connectivity. The US Department of Justice reported that the FBI has already carried out an operation.
“In today's operation, web shells were removed … that could have been used to provide and enhance permanent unauthorized access to US networks. The FBI carried out the seizure using a command sent through the web shell to the server, ”the statement on the Justice Department's website says. According to the court decision (.pdf), the FBI received an order to remove the web shells, as well as to copy them as evidence and / or weapons of crime.
Microsoft reported vulnerabilities in its Exchange Server mail server in March. The company said that the Hafnium group, backed by the Chinese authorities, attacked companies and structures in the field of legal services, higher education, infectious disease research, as well as defense contractors, think tanks and NGOs.
By early March, about 40 Russian companies had been attacked through vulnerabilities found in Exchange Server, Kaspersky Lab reported. In total, by March 11, according to ESET, more than ten hacker groups were using the vulnerability. Microsoft recommended updating Exchange Server to the latest versions, and users of older versions without their own IT team should run a special program.
About hacker attacks on Russian research institutes – in the material of “Kommersant” “Research Institute a step back.”
Read also:
