According to the FBI website, the FBI secretly infiltrated the computers affected by the Hafnium group with its hacking tools in order to protect the hundreds of infected machines. The operation was announced in a statement issued by the US Department of Justice on April 13, and the agency deems it successful.
The federal agency says it is now trying to email the owners of the servers from which “back doors” have been removed.
Hafnium's back doors
In January and February 2021, some criminal groups exploited vulnerabilities in Microsoft Exchange to access email accounts and place back doors on servers. On March 2, Microsoft confirmed that the hacking operation was carried out by a group of Chinese state hackers called Hafnium.
The four vulnerabilities the hackers discovered allowed them to penetrate the Exchange server and steal its content. In the days that followed, other hacker groups also used these vulnerabilities to install ransomware. Companies using Microsoft 365 (with hosted cloud email) were not affected.
The FBI, another remedy
During the month of March, Microsoft released detection and fix tools for these four vulnerabilities so that victims could learn about and control the threat. However, despite the solutions applied, hundreds of back doors remained in different companies.
The FBI-led operation focused on removing the remaining back doors, but it did not address the security vulnerabilities Hafnium exploited. Nor did it find or remove any other malware or hacking tools. To be sure, this was a preemptive action aimed at protecting victims who had failed to act themselves, but carrying it out in secret, with only an “attempted contact” after the fact, leaves room for doubt.
The US Department of Justice stated in its April 13 press release: “The FBI carried out the removal by sending a command to the server through the back doors, designed so that the server removes only the back doors (identified by the unique path to the file).”
The FBI is backed by the United States government
The FBI was supported by the entire US government in this process. It acted under a warrant from the Houston, Texas District Court, authorizing it to “copy and delete” back doors from the infected servers. Jennifer B. Lowery, Acting US Attorney for South Texas, said: “Addressing cyber threats requires partnerships with colleagues in the private sector and government.”
In 2016, the Supreme Court allowed US judges to issue search and seizure warrants outside their jurisdiction. Critics then emerged, arguing that the FBI could turn to a court inclined to help it in order to authorize cyber operations anywhere in the world. In the Microsoft case, it appears the FBI first cleaned private servers after a cyber attack before communicating publicly about its operation.