FBI Removes Malicious Web Shells From Microsoft Exchange Servers

Malicious Web Shells

23 April 2021, Kathmandu

Federal law enforcement, acting on a court order, removed malicious web shells from hundreds of exposed servers in the U.S. that had been compromised through the exploitation of zero-day flaws in Microsoft Exchange Server, carried out at the start of the year by a Chinese state-backed hacking group.

  • Note: A web shell is malicious code, written in a common web development language, that attackers implant on a web server to gain remote access, run commands on the server and maintain a foothold in the infected organization’s network. Attackers install web shells on servers by exploiting security gaps.
  • Recap: In the first two months of 2021, the China-sponsored group Hafnium exploited zero-day vulnerabilities in Microsoft Exchange Server to access email accounts and place web shells that allowed the hackers to persist in victims’ networks. Other hacking groups have subsequently exploited these vulnerabilities to install web shells on thousands of victim computers in the U.S.

While Justice Department officials acknowledged that “many infected system owners” had successfully removed the web shells from thousands of computers, many systems infiltrated by the malicious code remained. The Federal Bureau of Investigation (FBI) removed the web shells by issuing a command through each web shell to its server, causing the server to delete only that web shell, which was identified by its unique file path.

The Department of Justice (DoJ) said that many IT admins have since cleansed their systems of the malicious web shells, which were used for backdoor access to the servers. However, other systems “persisted unmitigated”, which is where the operation came in.

“This operation removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks. The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path),” said the DoJ. In the meantime, the Bureau is contacting the owners of the computers it accessed to notify them of the removal of the malware.
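As an added example, not code from the article, the DoJ or the FBI, the following Python script shows the defender-side counterpart of the operation described above: it hunts an ASP.NET web root for script files that match hypothetical web-shell heuristics and reports each hit by its unique file path and SHA-256 for review before any removal. The heuristic patterns, directory names and sample files are constructed for illustration and are not Exchange or Hafnium indicators.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hypothetical heuristics for ASP.NET web shells: a server-side script block that reads
# request input and hands it to an evaluator or a child process. Tune before real use.
SUSPICIOUS = [
    re.compile(r"<script[^>]*runat\s*=\s*[\"']server[\"']", re.I),
    re.compile(r"\bRequest\s*[\[.]\s*[\"']?\w+", re.I),
    re.compile(r"\beval\b|JScript\.Eval|Process\.Start|cmd\.exe|powershell", re.I),
]
SCRIPT_EXT = {".aspx", ".asp", ".ashx", ".asmx"}


def score_file(path: Path) -> int:
    """Number of heuristics that match the file's text (0 if unreadable)."""
    try:
        text = path.read_text(errors="ignore")
    except OSError:
        return 0
    return sum(1 for pat in SUSPICIOUS if pat.search(text))


def hunt_web_shells(root: Path, min_score: int = 2) -> list:
    """Report (path, score, sha256) for script files under root that hit at least
    min_score heuristics. Nothing is deleted: the path and hash go to the responder,
    who decides what to remove, mirroring removal by unique file path."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in SCRIPT_EXT:
            score = score_file(p)
            if score >= min_score:
                digest = hashlib.sha256(p.read_bytes()).hexdigest()
                hits.append((str(p), score, digest))
    return sorted(hits)


def demo() -> list:
    """Constructed sample web root (not real Exchange content): one benign page and one
    non-functional fixture that only carries web-shell-like tokens."""
    root = Path(tempfile.mkdtemp())
    (root / "owa").mkdir()
    (root / "owa" / "logon.aspx").write_text(
        '<%@ Page Language="C#" %>\n<html><body>Sign in</body></html>\n')
    (root / "owa" / "x9q2.aspx").write_text(
        '<script runat="server"> /* constructed fixture */ '
        'Request["c"] Process.Start("cmd.exe") </script>\n')
    return hunt_web_shells(root)
```

Run `demo()` to see the fixture reported with a score of 3 while the benign logon page is not listed; on a real host, point `hunt_web_shells` at the web root and triage the reported paths and hashes before deleting anything.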
