Date: 2014-04-21

In what may be a first-of-its-kind operation (the first that is publicly acknowledged), the FBI recently accessed private servers across the United States, ostensibly to delete malware that had previously been installed by foreign hackers.

The FBI targeted this unique digital clean-up at servers running the vulnerability-ridden email product Microsoft Exchange. The U.S. Justice Department said Tuesday that the purpose of the bureau's operation was to digitally erase traces of web shells that, had they remained, "could have been used to maintain and escalate persistent, unauthorized access to U.S. networks."

[...] A federal affidavit unsealed Tuesday strongly implies that the goal of the FBI's operation was to remove malware specifically deployed by HAFNIUM. While the Justice Department does not explicitly name HAFNIUM (referring only to "one early hacking group" as the target of the investigation), it is the only threat actor explicitly mentioned in the FBI affidavit.