FBI to remove backdoors from hacked Microsoft Exchange servers, in a first for federal agency

A US court has authorised Federal Bureau of Investigation to directly investigate backdoors into hundreds of Microsoft Exchange email servers across the US. Four months ago, hackers had used vulnerabilities in the server to attack multiple networks.

As part of this move, the FBI will be allowed to copy and remove backdoors, as announced by the Justice Department on Tuesday, TechCrunch first reported.

Microsoft had discovered a new hacking group from China in March called “Hafnium” which targeted Exchange servers on company networks. Clubbed together, the four vulnerabilities allowed hackers to get access to a vulnerable Exchange server and successfully steal its contents.

Also read: 'Putin's chef' urges FBI to remove his name from wanted list of criminals

Even though Microsoft claimed that the vulnerabilities were patched, but the patches from backdoors did not close. After the loopholes became public, multiple hacking groups began capitalising on servers and installing ransomware.

According to a Justice Department statement, hundreds of Microsoft Exchange servers continue to remain vulnerable as backdoors remain difficult to identify and to get rid of.

Also read: FBI releases new footage of Washington pipe bomb suspect

The FBI is attempting to inform owners of servers via email after removal of backdoors. According to the Justice Department, the operation only removed the backdoors, but failed to fix the loopholes in place. In addition, the malware installed by hackers has not been removed. This marks the first FBI intervening in private networks after a cyberattack.