The FBI is Hacking Exchange Servers…to FIX Them!

April 15, 2021

The headline isn’t clickbait, I promise. The Federal Bureau of Investigation is hacking into Microsoft Exchange Servers across the country to…protect them from Hafnium.
We’ve previously written about the problems facing unpatched Exchange Servers here on the Security7 blog. So you don’t have to leave this page (though you can if you click on those links) we’ll summarize what’s going on here.

In March of this year, Microsoft announced four vulnerabilities that, when combined, used their powers for evil! Well, sort of. When the four vulnerabilities were exploited in conjunction, they allowed hackers to break into Exchange Servers and steal sensitive data.
Microsoft released patches that took care of the vulnerabilities shortly thereafter.

Unfortunately, if an Exchange Server had previously been breached BEFORE the patch was installed, it was hosed and there was no way to close the backdoor. Yadda, yadda, yadda, nature abhors a vacuum, and hackers across the world were using these doors to deploy ransomware.
This is where the Justice Department and the FBI come in. Earlier this week a court in Houston, TX gave the two agencies permission to “copy and remove” the backdoors from the impacted Exchange Servers.

The details remain…sparse. But basically, the FBI has been permitted to access impacted Exchange Servers and issue a command through the malicious web shell telling the server to delete it (the web shell, not the server).

After this is done, the FBI has said they’re notifying server owners via email to let them know the jobs have been done…even though they had no idea the job was being done in the first place. To be honest (and I try to be), if I got an unsolicited email from the “FBI” informing me they’d been in my Microsoft Exchange Server with what is essentially a “bottle of bleach and a rag,” I’d be fairly suspicious.

Anyways…the Justice Department has said that even though they’re cleaning up the Exchange Servers, they’re not updating them, and installing Microsoft’s patches will still be necessary.


Carl Keyser is the Content Manager at Integris.