The Justice Department on Tuesday revealed that the FBI undertook a court-approved operation to remove “malicious web shells” from compromised Microsoft Exchange email servers in the US. The web shells are snippets of code that act as backdoors and could have allowed continued unauthorized access to emails and US networks, said the DOJ.
“This court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers shows our commitment to use any viable resource to fight cyber criminals,” said Jennifer B. Lowery, acting US attorney for the Southern District of Texas, in a release. “We will continue to do so in coordination with our partners and with the court to combat the threat until it is alleviated, and we can further protect our citizens from these malicious cyber breaches.”
Microsoft in early March released a series of security updates to detect and patch the vulnerabilities in Exchange Server software. While many server owners were able to remove the malicious web shells, the Justice Department said “others appeared unable to do so, and hundreds of such web shells persisted unmitigated.”