FBI Intervene After Microsoft Exchange Server Hack
Last month, Microsoft announced that a Chinese state-sponsored organisation had been exploiting four previously unknown vulnerabilities in its Exchange Server, combining them to steal data and corrupt the networks of thousands of organisations.
“Even though we’ve worked quickly to deploy an update, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Tom Burt, Microsoft’s vice president for customer security, said at the time.
Not satisfied, a Texan court authorised the FBI to copy and remove backdoors from hundreds of Microsoft Exchange servers in the U.S.
While Microsoft used patches to fix the vulnerable servers, backdoors that had already been ‘opened’ were not closed – leading to various ransomware attacks from third parties.
The FBI intervention is claimed to have been successful.
“Today’s court-authorised removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” said Assistant Attorney General John C. Demers for the Justice Department’s National Security Division.
“Combined with the private sector’s and other government agencies’ efforts to date, including the release of detection tools and patches, we are together showing the strength that public-private partnership brings to our country’s cybersecurity.”
“Combatting cyber threats requires partnerships with private sector and government colleagues,” said Acting U.S. Attorney Jennifer B. Lowery of the Southern District of Texas.
“This court-authorised operation to copy and remove malicious web shells from hundreds of vulnerable computers shows our commitment to use any viable resource to fight cyber criminals. We will continue to do so in coordination with our partners and with the court to combat the threat until it is alleviated, and we can further protect our citizens from these malicious cyber breaches.”
“This operation is an example of the FBI’s commitment to combatting cyber threats through our enduring federal and private sector partnerships,” said Acting Assistant Director Tonya Ugoretz of the FBI’s Cyber Division.
“Our successful action should serve as a reminder to malicious cyber actors that we will impose risk and consequences for cyber intrusions that threaten the national security and public safety of the American people and our international partners.
“The FBI will continue to use all tools available to us as the lead domestic law enforcement and intelligence agency to hold malicious cyber actors accountable for their actions.”
This marks the first known FBI intervention in a private security hack, a controversial move that was made possible by a 2016 Supreme Court ruling that expanded the FBI’s hacking powers.