The FBI has been removing web shells from compromised Microsoft Exchange servers following court authorisation. However, the owners of those servers were never informed of the FBI’s actions or given the chance to approve them.

In February, the hacking group HAFNIUM exploited several vulnerabilities in Microsoft Exchange servers. The group installed web shells on compromised Exchange servers, which allowed them to remotely access the servers. Following the attack, Microsoft released a security update that patched the exploited vulnerabilities.

According to a press release published by the Department of Justice (DOJ), the FBI used a search warrant to access compromised servers and remove the web shells from them without the owners’ consent. The FBI has been accessing the servers of those it believed did not have the technical ability to remove the web shells themselves, as well as those who are at significant risk from the shells.

Owners were not informed of the operation as the FBI feared that doing so could compromise it. According to the press release from the DOJ, “the FBI is attempting to provide notice of the court-authorized operation to all owners or operators of the computers from which it removed the hacking group’s web shells. For those victims with publicly available contact information, the FBI will send an e-mail message from an official FBI e-mail account (@FBI.gov) notifying the victim of the search. For those victims whose contact information is not publicly available, the FBI will send an e-mail message from the same FBI e-mail account to providers (such as a victim’s ISP) who are believed to have that contact information and ask them to provide notice to the victim.”

The post FBI removed web shells from Exchange Servers without consent appeared first on IT Security Guru.

By admin