The FBI has hacked hundreds of servers to “copy and remove” malicious software from Microsoft Exchange servers in the United States, the US Department of Justice reports on its website. Several months ago, thousands of these email servers were attacked by hackers. This affected tens of thousands of organizations worldwide, including the US government.
After the attacks, so-called backdoors are said to have remained in the systems: malicious software through which hackers could re-enter remotely. Many system administrators were able to remove the vulnerabilities themselves, but hundreds remained active.
The FBI used the backdoors to its advantage, applying a technical solution that removed only those entry points from the servers. For this hack, the FBI got permission from a Houston court. It is the first time that the FBI has cleaned up private networks after a cyber attack. The Department of Justice calls the operation a success.
At the beginning of this year, hackers exploited vulnerabilities in Microsoft’s Exchange servers to gain access to corporate and government computer systems. Microsoft found evidence in March that Hafnium, a group of Chinese hackers working on behalf of the state, was carrying out attacks through the affected servers.
Microsoft closed several vulnerabilities, but that did not close backdoors that had already been placed in the systems. According to the Department of Justice, this left a number of servers vulnerable, because the backdoors were difficult to find and remove.
The danger to Exchange servers does not seem to have passed. Microsoft warned on Tuesday of two dangerous vulnerabilities in the servers, for which an update has since been released.