This article is from the source 'rtcom'.

You can find the current article at its original source at https://www.rt.com/usa/520953-fbi-microsoft-hafnium-exploit/

FBI receives ‘search warrant’ to INFILTRATE & FIX hundreds of systems affected by ‘Chinese hack’ of Microsoft Exchange servers
The US Department of Justice has allowed the FBI to infiltrate hundreds of systems affected by an exploit of Microsoft Exchange email servers and “delete malicious software.” The people affected will be notified… by email.
In what appears to be the first action of such kind ever, the FBI removed “web shells” belonging to “one early hacking group,” the DOJ said on Tuesday. A web shell is a small script planted on a compromised server that lets the attacker keep running commands on it through ordinary web requests; these were left behind by people who used the zero-day exploit in the popular email server software to gain access to corporate email servers earlier this year.
While thousands of affected Exchange servers have since been patched, hundreds of web shells “persisted unmitigated” because the system owners appeared unwilling or unable to remove them, the DOJ said.
The FBI’s operation was intended to ‘help’ administrators secure their systems and successfully removed the malware from some of these computers. It was authorized as a “search” warrant by Judge Peter Bray, a federal magistrate in the Southern District of Texas. His court order was issued on April 9, but remained sealed until Tuesday.
“Today’s court-authorized removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” said Assistant Attorney General John C. Demers, of the DOJ’s National Security Division.
The FBI only “copied and removed” the web shells, but did not patch any Microsoft Exchange Server vulnerabilities, or search for and remove any additional malware or other information contained on the servers, the DOJ noted.
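As an added example (not the FBI's tooling and not code from the article), the script below does in miniature what the DOJ statement describes: it hunts for single-file ASPX web shells under a web root, copies each hit into an evidence directory keyed by its SHA-256 before deleting it, and touches nothing else. The directory layout, file names and detection heuristic (request input handed to an execution primitive) are assumptions for illustration, and the pages it scans are constructed inline.

```python
"""Copy-then-remove triage for suspected ASPX web shells (illustrative, assumed heuristics)."""
from __future__ import annotations

import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Assumed heuristic, not a vendor signature set: the page must both read
# something from the HTTP request and pass data to an execution primitive.
REQUEST_INPUT = re.compile(
    r"""Request(?:\.Item|\.Form|\.QueryString)?\s*\[\s*["'][^"']+["']\s*\]""", re.I
)
EXEC_PRIMITIVE = re.compile(
    r"\b(?:eval|Process\.Start|ProcessStartInfo|Assembly\.Load|cmd\.exe|powershell)\b", re.I
)


def looks_like_web_shell(text: str) -> bool:
    """True when the page reads request input and also contains an execution primitive."""
    return bool(REQUEST_INPUT.search(text)) and bool(EXEC_PRIMITIVE.search(text))


def find_web_shells(web_root: Path) -> list[Path]:
    """Walk the web root and return every .aspx file that matches the heuristic."""
    hits = []
    for path in sorted(web_root.rglob("*")):
        if path.is_file() and path.suffix.lower() == ".aspx":
            text = path.read_text(encoding="utf-8", errors="replace")
            if looks_like_web_shell(text):
                hits.append(path)
    return hits


def preserve_and_remove(shell: Path, evidence_dir: Path) -> dict:
    """Copy the shell into evidence (named by SHA-256), record it, then delete the original."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(shell.read_bytes()).hexdigest()
    evidence_copy = evidence_dir / f"{digest}_{shell.name}"
    shutil.copy2(shell, evidence_copy)  # copy2 keeps the original timestamps
    with (evidence_dir / "manifest.txt").open("a", encoding="utf-8") as manifest:
        manifest.write(f"{digest}  {shell}\n")
    shell.unlink()  # only now is the web shell removed
    return {"original": shell, "sha256": digest, "evidence_copy": evidence_copy}


def demo() -> dict:
    """Run the triage over a constructed web root in a temp directory."""
    root = Path(tempfile.mkdtemp())
    web_root = root / "owa" / "auth"  # assumed layout, for illustration only
    web_root.mkdir(parents=True)
    # Constructed samples: a one-line JScript shell and a benign logon page.
    shell = web_root / "help.aspx"
    shell.write_text('<%@ Page Language="Jscript"%><%eval(Request.Item["cmd"],"unsafe");%>\n')
    benign = web_root / "logon.aspx"
    benign.write_text('<%@ Page Language="C#" %><html><body>User: <%= Request["user"] %></body></html>\n')
    hits = find_web_shells(web_root)
    records = [preserve_and_remove(hit, root / "evidence") for hit in hits]
    return {"hits": hits, "records": records, "benign_still_present": benign.exists(), "root": root}


if __name__ == "__main__":
    result = demo()
    for record in result["records"]:
        print(f"removed {record['original']} -> {record['evidence_copy']}")
```

Removing the shell is the easy half of the job. As the DOJ statement itself notes, this does nothing about the vulnerability that let the shell in, and a web shell is rarely the only thing an intruder leaves behind, so the server still needs the Exchange patches and a wider look for other persistence before it can be treated as clean.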
Another thing that stood out in the DOJ statement was that the owners or operators of the affected computers were not notified of the “search” beforehand. Instead, the FBI is “attempting to provide notice” by sending an email to those with publicly available contact information – and in cases where it wasn’t available, asking internet service providers (ISPs) to forward the message along.
Meanwhile, the White House’s top cybersecurity official directed all government agencies on Tuesday to “urgently” patch their Microsoft Exchange servers, due to four new flaws discovered by the NSA.
The vulnerabilities “may pose such a systemic risk that they require expedited disclosure,” Anne Neuberger said in a statement.
Microsoft announced a massive breach of its Exchange email platform in early March, saying that a zero-day vulnerability in the servers had given “long-term access” to hackers. The attack was attributed to a group dubbed Hafnium – an allegedly “state-sponsored” outfit operating out of China.
The vulnerability was subsequently exploited by at least 10 hacking groups and affected thousands of servers in over 115 countries, according to the cybersecurity firm ESET. More than 20,000 servers were compromised in the US alone.