FBI cleaned up malicious scripts from hundreds of Vulnerable US Computers

The Department of Justice released a press statement on Wednesday stating that the Federal Bureau of Investigation had successfully cleaned up 100’s of vulnerable Microsoft systems that were hosting malicious scripts. And the crux is that the activity was done without the need to inform the computer owner.

“As the government is partnering with private and public entities to combat cyber threats, it has attained success in warding off all threat that was lurking in the Microsoft Exchange Server systems”, said Jennifer B Lowery, the US Attorney from South District of Texas.

To those uninitiated, a state funded hacking group from China dubbed Hafnium was suspected to be involved in the cyber attack that took place on the Exchange Servers of Microsoft early this year.

In order to neutralize the effect of the cyber attack, the DoJ authorized FBI to remove all malicious scripts from the impacted systems operating across the United States. And the law enforcement agency cleaned up the malicious web shells from all vulnerable computers that shows its commitment to fight cyber threats of any range.

Although the hack was categorically enormous and sophisticated, Microsoft in association with FBI succeeded in warding off the threats.

But does that mean that the Satya Nadella led company has the right to clean up the systems without the permission of the owner?

Well, it is a private firm that gives a lot of information in the fine print to all its users. And if the user continues to use the service, it technically shows that he/she is aware of the rules and regulations that the operating system maker has drafted in advance.

Microsoft released an open source document at the end of March 2021 stating that at least 60,000 US customers of Exchange Server could have been compromised by zero day exploits by Hafnium.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display