The Federal Bureau of Investigation (FBI) has been hacking into “hundreds” of vulnerable computers of US companies to remove malware from their software, the US Department of Justice (DOJ) announced on Tuesday.
The operation, approved by a federal court, involved removing “back doors” from American-based servers that had earlier been compromised through a Microsoft Exchange vulnerability identified by Microsoft, The Washington Post reported.
“Today’s court-authorised removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” Assistant Attorney General John C. Demers of the Justice Department’s National Security Division said in a statement.
With the hacking operation still ongoing, the DOJ said it was “committed to playing its integral and necessary role in such efforts.”
The move comes after Microsoft accused Chinese hackers of carrying out a massive and sophisticated cyber attack on its Exchange email service in March.
The software giant claimed that a “state-sponsored threat actor” referred to as “Hafnium” had exploited multiple security flaws in Microsoft’s email server software – since fixed – to steal data and plant malware, beginning in January 2021.
China dismissed the claims, with Chinese Foreign Ministry Spokesman Wang Wenbin saying Beijing “firmly opposes and combats cyber attacks and cyber theft in all forms,” and warning that blaming any nation without providing evidence is a “highly sensitive political issue.”
In carrying out the sweeping recent “takedown,” the FBI gained access to the affected servers through the same weaknesses the attackers had used – weaknesses that have still not been fixed on those servers – in order to remove the shells and preclude further hacking attacks.
Because the shells removed by law enforcement “each had a unique file path and name,” they “may have been more challenging for individual server owners to detect and eliminate than other web shells,” according to the DOJ.
US officials and Microsoft say the major security flaw allowed hackers to infiltrate the servers of at least 30,000 American organisations.
While removing malware placed by one hacker group, the operation carried out by the FBI stopped short of actively fixing the underlying vulnerability.
This leaves the affected computers vulnerable to future malware unless their owners take action to protect them. The FBI is “attempting” to notify all the owners, the DOJ added.