FBI operation removes malware from U.S. computers

April 13 (UPI) — After Microsoft revealed last month that Chinese state-sponsored hackers had attacked networks in the United States through its popular email and calendar server, prosecutors said the FBI has erased remaining malicious code from hundreds of private U.S. computers.

Microsoft in early March announced it found Chinese hacker group HAFNIUM had exploited vulnerabilities in its Exchange servers that enabled access to email accounts and allowed for the installation of malware on computers that permitted long-term access.

The Justice Department said in a statement Tuesday the group exploited the issues through January and February and once the vulnerabilities were publicized last month, other groups sought to take advantage.

Patches and updates were successful in removing most of these web shells from infected computers, but hundreds remained until Tuesday when the FBI removed them through the court-authorized operation, it said.

“Today’s court-authorized removal of the malicious web shells demonstrates the department’s commitment to disrupt hacking activity using all our legal tools, not just prosecutions,” said Assistant Attorney General John C. Demers for the Justice Department’s National Security Division.

The Justice Department explained the operation removed the early web shells through issuing a command through them to the server that was designed to cause the server to delete the web shells.

The FBI is attempting to contact via email those whose computers they deleted the web shell from, it said.

The Justice Department added that though the operation was a success, it did not patch Microsoft’s vulnerabilities or search and remove any additional malware or hacking tools that may have been placed on the victims’ networks.

“There’s no doubt that more work remains to be done, but let there also be no doubt that the department is committed to playing its integral and necessary role in such efforts,” Demers said.

The Microsoft hack came months after Russian state-sponsored hackers breached several federal agencies including the Department of Homeland Security through SolarWinds products.