The FBI is contacting Exchange server owners to inform them that it has removed backdoors from their servers.
The FBI has executed a court-authorized operation to remove malicious backdoor web shells from hundreds of Microsoft Exchange email servers targeted in the recent spate of attacks. The attacks exploited four zero-day vulnerabilities in Microsoft Exchange, collectively referred to as the ProxyLogon vulnerabilities, that were first exploited by Chinese state-sponsored threat actors known as Hafnium. Even conservative estimates by security experts such as ESET pinned the number of compromised servers at over 5000.
