Back in January, Hafnium began exploiting Microsoft Exchange’s vulnerabilities, leaving behind a number of backdoors that could let hackers right back into those systems. Microsoft was made aware of the vulnerability in January, but the company has taken too long to patch it. Now, the FBI is coming to the rescue by trying to protect hundreds of computers infected by the Hafnium hack by hacking them itself (via The Verge).
The FBI’s approach to protecting the infected computers is unique. The US Justice Department is using the same backdoors that Hafnium left on the servers to remotely delete those backdoors.
“The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path),” explains the US Justice Department.
It’s likely that the Justice Department isn’t making the Exchange customers aware of its involvement beforehand. The FBI, however, says that it’s providing notice to the customers it tried to assist. Before you raise your eyebrows, it’s worth noting that the FBI is performing this operation with the full approval of a Texas court.
“Today’s court-authorized removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” reads a statement from Assistant Attorney General John C. Demers of the Justice Department’s National Security Division.