FBI Launches Operation To Shield Servers From Hafnium

Maria del Luna | 14 Apr 2021

An FBI operation that attempted to stop attacks by the “Hafnium” group and others on Microsoft Exchange servers earlier this year was revealed in a press release on Monday.

In March, Microsoft discovered a new Chinese state-sponsored hacking group called Hafnium, which was targeting Exchange servers on company networks. By chaining four flaws together, the hackers were able to break into a vulnerable Exchange server and steal its contents.

The bugs were patched by Microsoft, but the fixes did not close the backdoors on the servers that had already been hacked. Within days, other hacker groups started using the same bugs to infect compromised servers with ransomware.

A Houston court has ordered the FBI to “copy and remove” backdoors from hundreds of Microsoft Exchange email servers across the country, months after hackers exploited four previously unknown vulnerabilities to target thousands of networks.

The FBI specifically targeted Hafnium’s web shells (as outlined in court filings): it located them on a server in the United States, remotely accessed them using the attacker’s own passwords, and executed a command to make them uninstall themselves, thwarting the group’s plans.

The FBI’s request for a search warrant required it to carry out this operation while notifying server administrators. On April 9th, it was granted permission to conduct the operation for up to 14 days, as well as the ability to postpone updates for up to 30 days.

“This operation was successful in copying and removing those web shells. However, it did not patch any Microsoft Exchange Server zero-day vulnerabilities or search for or remove any additional malware or hacking tools that hacking groups may have placed on victim networks by exploiting the web shells,” according to the Justice Department.

The FBI claims that thousands of devices were patched by their owners before it started its remote Hafnium backdoor removal activity, and that it only “removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks.”

The FBI is now sending emails to server owners, and “attempting to provide notice of the court-authorized operation to all owners or operators of the computers from which it removed the hacking group’s web shells.”

The operation “demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” said Assistant Attorney General John C. Demers.

This is claimed to be the first time the FBI has successfully cleaned up private networks following a cyberattack. The Supreme Court ruled in 2016 that federal judges may grant search and seizure warrants outside of their jurisdiction. Critics objected at the time, claiming that the FBI would ask a friendly court to sanction cyber-operations anywhere on the planet.

While we are not aware of any precedent for the FBI acting on privately owned servers after they have been attacked, a reporter points out that the FBI dealt with the Coreflood botnet in 2011 by sending a command to an infected machine to shut it down, also with a court order. Beyond this statement, neither the Justice Department nor Microsoft has publicly commented on the operation.
