The FBI Takes a Drastic Step to Fight China’s Hacking Spree – WIRED

https://www.wired.com/story/fbi-takes-drastic-step-to-fight-china-hacking-spree/


“If the Microsoft Exchange servers they engaged with were fully patched and they actually deleted any and all web shells on the backdoor servers, it must be rather effective,” says Steven Adair, founder of security company Volexity, which first recognized the Hafnium attack. The FBI could have asked to scan for ransomware or illicit products that may be present on the server, or to proactively patch servers that were still susceptible. “In this case, the FBI is getting access to victim-owned Exchange servers, copying web shells from them, and then erasing those web shells.”

“The FBI will continue to use all tools available to us as the lead domestic law enforcement and intelligence firm to hold harmful cyber stars liable for their actions,” stated Tonya Ugoretz, acting assistant director of the FBI’s Cyber Division.

Anytime law enforcement tries something new – or at least puts a new spin on an old script – slippery slopes naturally end up being an issue.
