U.S. Attorney General Merrick Garland arrives to address the staff on his first day at the Department of Justice March 11, 2021 in Washington, DC. The decision by Justice to dismantle "hundreds" of web shells installed using Exchange Server vulnerabilities is being hailed as a landmark use of a new authority. (Photo by Kevin Dietsch-Pool/Getty Images)
The decision by the Department of Justice announced Tuesday to dismantle "hundreds" of web shells installed using Exchange Server vulnerabilities, mitigating the threat to private servers in bulk, is being hailed as a landmark use of a new authority. But the move also invited concern among some in the cybersecurity community about the lack of any clear standard for when and how government may hack private systems.
FBI hacks compromised Exchange servers as more companies get targeted
In a possibly unprecedented move, the U.S. Federal Bureau of Investigation has obtained a court order to allow it to hack compromised Microsoft Corp. Exchange Servers to remove vulnerabilities as more stories of Exchange servers being targeted continue to emerge.
The court order allowed the FBI to copy and remove malicious web shells from hundreds of vulnerable computers that were compromised by so-called Hafnium attacks first revealed by Microsoft security researchers March 2. Hafnium was described at the time as Chinese state-sponsored hackers targeting a number of recently identified vulnerabilities for which patches had been issued.
FBI Removes Web Shells from Infected Exchange Servers
Phil Muncaster, UK / EMEA News Reporter, Infosecurity Magazine
The US authorities sought a court order to remove web shells running on hundreds of Microsoft Exchange servers, following mass exploitation of vulnerabilities patched in March, it has emerged.
The Department of Justice (DoJ) announced the move yesterday, explaining that although system owners managed to remove thousands of malicious scripts from their infected servers, hundreds persisted.
Although the attacks started as early as January, one report claimed that as many as 30,000 US Exchange Server customers may have ultimately been impacted by the compromise, as various groups piled in once the bugs were made public a couple of months later.
Example of a malicious message, written in German, that contains a malicious attachment sent through a collaboration platform channel (Source: Cisco Talos)
The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.
Cybercriminals are using these collaboration tools not only to deliver malware but also to retrieve information about specific components and networks and to establish command-and-control channels that can be used to exfiltrate data, Cisco Talos says in its new report.