FBI: Hundreds of computers from US-based companies were hacked by the FBI on Tuesday. But unlike the actions taken by cybercriminals, the campaign carried out by the government had good reason, according to information released by the US Department of Justice.
According to the official statement of the agency, the operation led by FBI experts was aimed at removing malicious code installed on PCs during the cyber attack on the Microsoft Exchange, which occurred between the months of January and February, which would have Chinese hackers of the Hafnium group as authors , according to the accusation of the owner of Windows.
By exploiting the vulnerabilities of Microsoft’s email service, cyber criminals have left a series of web shells on the attacked machines, malicious code that acts as backdoors, allowing for unauthorized remote access on an ongoing basis. About 30 thousand American companies that run the software may have been the target of this action.
As not all of the companies affected were able to remove the malware, despite the efforts of the Redmond giant, the FBI needed to act to eliminate the malicious web shells still present on the vulnerable computers, preventing the theft of more data and sensitive information.
Homeowners to be warned of FBI “invasion”
This “FBI hacker invasion” of the PCs hit by the Hafnium attack was done in a completely legal manner, according to the U.S. Department of Justice, with authorization from a Texas state court.
The American authorities did not disclose the exact number of machines accessed remotely in this campaign, saying only that “hundreds of infected computers” are now clean.
The next step in the operation is to notify the owners of the devices that were the target of the “attack” about cleaning remotely by government experts. The notice will reach companies by e-mail, in a message sent by the bureau’s official account (@ fbi.gov).