In early March, Microsoft disclosed that the Chinese state-sponsored hacking group Hafnium had successfully infected tens of thousands of Microsoft Exchange servers in a massive and extensive hacking campaign. Although Microsoft promptly released a patch to fix the vulnerability and urged users to implement the fix as soon as possible, not every victim updated their systems as recommended. Over a month later, recently unsealed court documents detail how the FBI took drastic measures to protect organizations and entities still at risk to the campaign.
The Department of Justice revealed the documents earlier this week, disclosing that the FBI obtained a warrant to copy and delete the web shells planted by Hafnium to protect US entities. The web shells are utilized to maintain a foothold into a system that is used by attackers to send remote commands and malware, in this case, to hundreds of victims. Although the operations seem necessary and straightforward when considering the risks at hand, they establish a precedent that has been controversial among privacy experts. The approach could be beneficial, according to some cybersecurity professionals, although it must be used with extreme caution and thorough analysis.
Read More: The FBI Takes a Drastic Step to Fight China’s Hacking Spree