The FBI accessed computers — without the knowledge or consent of the owners — to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers.
This week’s Risk & Repeat podcast discusses the FBI’s effort to remove malicious web shells from vulnerable Microsoft Exchange servers.
The Department of Justice this week announced the FBI took the unusual step of obtaining a court order to remotely access computers that were infected with web shells through a series of zero-day vulnerabilities in Microsoft Exchange Server. While the vulnerabilities were disclosed and patched last month, threat actors used these web shells to maintain backdoor access even after the patches were applied.
The court order allowed the FBI to access victims’ computers — without permission or notification — and remove hundreds of web shells associated with a specific, unnamed threat group. The move raised questions about the FBI’s authority, as well as the nature of the threat. SearchSecurity editors Rob Wright and Alex Culafi discuss those issues and more in this episode of Risk & Repeat.