Feds turn into cyberfirefighters and hose down the web shell bonfire raging on hundreds of unpatched Exchange servers.
It’s possible that if you were running an Exchange server in the United States, it could have been compromised, and somewhat mitigated by the FBI without your knowledge. The Department of Justice revealed on Tuesday that the FBI gained authorisation to remove web shells installed on compromised servers related to the Exchange vulnerabilities. “Many infected system owners successfully removed the web shells from thousands of computers. Others appeared unable to do so, and hundreds of such web shells persisted unmitigated,” the department said. “This operation removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to US networks.” Despite the operation, those that run Exchange servers are still recommended to follow Microsoft’s advice as well as ensure servers are properly patched. “The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path),” it said.
