November 28, 2021

Volume XI, Number 332


Court Authorizes FBI to Remove Web Shells from Compromised Microsoft Exchange Servers

On April 13, 2021, the U.S. Department of Justice (“DOJ”) announced that the Federal Bureau of Investigation (“FBI”) executed a court-authorized removal of malicious web shells from hundreds of vulnerable computers in the U.S.

Earlier this year, hacking groups exploited vulnerabilities in Microsoft Exchange Server software to access e-mail accounts and install web shells on victim computers for continued, unauthorized access to U.S. networks. While many affected system owners were able to successfully remove the web shells from thousands of computers, hundreds of web shells remained. The FBI’s operation removed the remaining web shells by issuing, through the web shells themselves, a command to the server that was designed to cause the server to delete only the web shells. According to Acting U.S. Attorney Jennifer B. Lowery of the Southern District of Texas, “Combatting cyber threats requires partnerships with private sector and government colleagues. This court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers shows our commitment to use any viable resource to fight cyber criminals.”

According to the DOJ, the FBI is attempting to provide notice of the court-authorized operation to all owners or operators of the computers from which the FBI removed the hacking group’s web shells. For those owners and operators with publicly available contact information, the FBI will send an e-mail message from an official FBI e-mail account (@FBI.gov) notifying the owner or operator of the search. For those owners and operators whose contact information is not publicly available, the FBI will send an e-mail message from the same FBI e-mail account to providers (such as an owner or operator’s ISP) who are believed to have the contact information and ask them to provide notice to the owner or operator.

For more information, see the DOJ’s press release.

 

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved. National Law Review, Volume XI, Number 105

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...
