FBI cleans web shells from hacked Exchange servers in rare active defense move


In a move that has been described as unprecedented, the FBI obtained a court order that allowed it to remove a backdoor program from hundreds of private Microsoft Exchange servers that were hacked through zero-day vulnerabilities earlier this year. The operation shows that the FBI is ready to take a more active approach in responding to cyber threats that goes beyond its traditional investigatory role, but also raises questions about where the limits should be with such actions.


Why is the FBI cleaning Exchange servers?


Earlier this week, the Department of Justice announced that the FBI was granted a search and seizure warrant by a Texas court that allows the agency to copy and remove web shells from hundreds of on-premises Microsoft Exchange servers owned by private organizations. A web shell is a type of program that attackers install on a compromised web server to give themselves backdoor access and remote command execution on that server through a web-based interface, typically a page that accepts a command in an HTTP request and runs it on the host.
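To make the definition concrete from the defender's side, here is an added example (not code from the article, the FBI or Microsoft) of a content-based triage scanner for the kind of file just described. A web shell needs two things to act as a backdoor: a way to read attacker-supplied input from the HTTP request, and a primitive that executes, evaluates or writes something with it. The scanner flags a server-side page only when both indicator classes are present, which keeps ordinary forms that merely read request parameters out of the findings. The indicator regexes, the file extensions and the sample file contents are all constructed for this example; the sample files are indicator fragments, not working shells.

```python
import re

# Heuristic indicator classes for command-execution web shells in ASP.NET and PHP pages.
# Constructed for this example; tune for your own web root before relying on them.
INDICATORS = {
    # attacker-controlled input read from the HTTP request
    "request_input": re.compile(
        r"Request(\.Form|\.QueryString|\.Params)?\s*\[\s*['\"]\w+['\"]\s*\]"
        r"|\$_(GET|POST|REQUEST)\s*\["
    ),
    # OS command execution primitives
    "process_exec": re.compile(
        r"System\.Diagnostics\.Process|Process\.Start|\bshell_exec\b|\bpassthru\b|\bproc_open\b"
    ),
    # dynamic code evaluation / assembly loading
    "dynamic_eval": re.compile(r"\beval\s*\(|\bExecute\s*\(|Assembly\.Load\b"),
    # writing files to disk (dropper behaviour)
    "file_write": re.compile(r"File\.WriteAllText|\bfopen\s*\(|\bfile_put_contents\b"),
}

# Server-side page types worth scanning; static assets are skipped.
WEB_EXTENSIONS = (".aspx", ".ashx", ".asmx", ".php", ".jsp")

EXEC_CLASSES = ("process_exec", "dynamic_eval", "file_write")


def scan_content(content):
    """Return the sorted list of indicator classes found in one file's text."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(content))


def is_suspicious(indicators):
    """A page is suspicious only if it takes request input AND has an execution-style primitive."""
    return "request_input" in indicators and any(i in indicators for i in EXEC_CLASSES)


def scan_files(files):
    """Scan a mapping of path -> file text; return only the suspicious pages with their hits."""
    findings = {}
    for path, content in files.items():
        if not path.lower().endswith(WEB_EXTENSIONS):
            continue  # not a server-side page; ignore
        hits = scan_content(content)
        if is_suspicious(hits):
            findings[path] = hits
    return findings


# Constructed sample "web root": three pages plus one text file. None is a working shell.
SAMPLE_FILES = {
    # ordinary page, no request handling at all
    "owa/auth/logon.aspx": (
        '<%@ Page Language="C#" AutoEventWireup="true" %>\n'
        "<html><body><form runat=\"server\">Sign in</form></body></html>\n"
    ),
    # legitimate form that reads a request parameter but executes nothing: must NOT be flagged
    "owa/auth/form.aspx": (
        '<%@ Page Language="C#" %>\n'
        '<% string user = Request["username"]; %>\n'
        "<html><body>Welcome</body></html>\n"
    ),
    # constructed indicator fragment: request input plus a process-execution reference
    "owa/auth/constructed.aspx": (
        '<%@ Page Language="C#" %>\n'
        "<%-- constructed indicator sample for the scanner, not a functioning shell --%>\n"
        '<% string arg = Request["x"]; %>\n'
        "<% var p = new System.Diagnostics.Process(); %>\n"
    ),
    # same tokens in a .txt file are ignored because it is not a server-side page
    "aspnet_client/readme.txt": "mentions Process.Start and Request[\"a\"] in plain text\n",
}


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(f"SUSPICIOUS {path}: {', '.join(hits)}")
```

In a real triage you would feed `scan_files` the contents of recently modified files under the web root and pair each hit with its modification time and the web server's request logs for that path; content heuristics alone produce false positives on legitimate administrative pages, so a hit is a lead for an analyst, not a verdict.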
