FBI Hacks Vulnerable US Computers in Sweeping Takedown of Malware Blamed on China

Software giant Microsoft accused China of orchestrating a hack attack in March, alleging that a “state-sponsored threat actor” referred to as “Hafnium” had taken advantage of multiple security vulnerabilities in Microsoft’s email service software to steal data.

The Federal Bureau of Investigation (FBI) has been hacking into “hundreds” of vulnerable computers of US companies to remove malware from their software, the US Department of Justice (DOJ) announced on Tuesday.

The operation, approved by a federal court, presupposed wiping out “back doors” into American-based servers that were earlier exposed to malware by a Microsoft Exchange vulnerability identified by the company, reported The Washington Post.

“Today’s court-authorised removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” Assistant Attorney General John C. Demers of the Justice Department’s National Security Division said in a statement.

With the hacking operation still ongoing, the DOJ said it was “committed to playing its integral and necessary role in such efforts.”

HackersExploit 'Flaws'

The move comes after Microsoft accused Chinese hackers of carrying out a massive and sophisticated cyber attack on its Exchange email service in March.

The software giant claimed that a “state-sponsored threat actor” referred to as “Hafnium” had exploited multiple security flaws in Microsoft’s email service software – now fixed – to steal data and plant malware from January 2021.

China dismissed the claims, with Chinese Foreign Ministry Spokesman Wang Wenbin saying Beijing “firmly opposes and combats cyber attacks and cyber theft in all forms,” and warning that blaming any nation without providing evidence is a “highly sensitive political issue."

Sweeping ‘Takedown’

In line with the sweeping recent "takedown," the FBI ran insecure versions of Microsoft software in order to patch the flaws, in other words, exploiting the same weaknesses in the servers that have still not been fixed to preclude further hacking attacks.

Cyber space

The shells removed by law enforcement “each had a unique file path and name, they may have been more challenging for individual server owners to detect and eliminate than other web shells,” according to the DOJ.

US officials and Microsoft claim the damage from the major security flaw allowed hackers to infiltrate the servers of at least 30,000 American organisations.

While removing malware placed by one hacker group, the operation carried out by the FBI stopped short of actively fixing the underlying vulnerability.

This leaves the affected computers vulnerable to malware in the future, unless their owners take action to protect them. The FBI is “attempting” to notify all the owners, it added.

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.