FBI silently removed web shells planted on Microsoft Exchange servers in the US

April 14, 2021


A US judge granted the FBI the power to log into web shells that nation-state hackers had injected on Microsoft Exchange servers across the US and to remove the malware, the US Department of Justice announced.

“Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers in the United States. They were running on-premises versions of Microsoft Exchange Server software used to provide enterprise-level email service,” reads the press release published by the DoJ. “The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path).”