The FBI has been actively patching vulnerable computer systems of businesses located in the USA. The fixed systems belong to organizations from both the private and government sectors.
On April 13th, the Department of Justice (DOJ) distributed a press release announcing that the acting US Attorney for the Southern District of Texas has authorized an operation allowing the FBI to access hundreds of vulnerable computers. The court-authorized activity executed by qualified FBI agents aimed to copy and remove malicious web shells from vulnerable or infected computers running on-premises versions of Microsoft Exchange. According to the press release, the operation was a success, and the FBI was only modifying servers located in the USA.
The government response comes after Microsoft released an emergency security update on March 2nd. It patched a security hole in Microsoft’s Exchange email and communications software for versions dating back to 2013. However, even though at least 30,000 organizations have been reported to have been affected by the vulnerability, many companies running on-premises versions of Microsoft’s email server did not apply the patch. They might have missed the security memo from Microsoft, they might have been too slow to act, or they might not have been skillful enough to implement the patches on their email servers.
With this posing a severe security threat, the DOJ stepped in and granted the FBI legal access to vulnerable and infected devices. Government agents were able to deal with the vulnerability without needing the owners’ consent. After completion, the FBI began attempting to notify all owners and operators of the servers it had accessed to remove the malicious code. The FBI uses an official FBI.gov email account to inform the Microsoft Exchange server owners. This sadly gives threat actors another opportunity to impersonate the FBI and execute phishing attacks. The search warrant authorized the FBI to access the compromised servers, copy the web shells as evidence, and delete them for good.
The operation is now over, and the DOJ called it a success. However, the actions of the DOJ in conjunction with the FBI have raised many privacy questions. In the course of helping, the government was suddenly inside privately owned computers without the owners’ consent. The vulnerability was indeed major, and even the White House press secretary, Jen Psaki, called it a significant threat that could have far-reaching impacts. However, many are not happy that government agencies have such an easy way into privately owned computer systems and servers.
It is worth mentioning that the Microsoft Exchange server vulnerability that Microsoft patched at the beginning of April has nothing to do with the separate SolarWinds attacks that rattled the US government in 2020. The 2020 United States federal government data breach was executed by intelligence groups close to the Russian government, whereas the people who exploited the Microsoft Exchange vulnerability for months appear to be Chinese malicious cyber actors.
Getting an email from the FBI saying that they have accessed your email server might be scary, but what might be even more frightening is knowing that Chinese cybercriminals have been monitoring your email for months. Having high-end antivirus software installed on all your connected devices is undoubtedly the right step towards maintaining an acceptable level of cybersecurity for your devices.