FBI deletes web shells from hundreds of compromised Microsoft Exchange servers

The Feds were given approval by the courts to carry out the deletions, which occurred without first warning the servers' owners, following the discovery and exploitation of critical vulnerabilities in the enterprise software.

“Although many infected system owners successfully removed the web shells from thousands of computers, others appeared unable to do so, and hundreds of such web shells persisted unmitigated,” the Justice Department noted in an announcement. “Today’s operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to US networks.”