FBI TLP White PIN: FBI Disrupts Cyber Actors’ Exploitation of Microsoft Exchange Server Vulnerabilities April 13, 2021

April 13, 2021

PIN Number
20210413-002

On 13 April 2021, the Federal Bureau of Investigation (FBI) conducted a court-authorized operation to remove hundreds of malicious web shells from vulnerable servers in the United States in response to the widespread exploitation of critical Microsoft Exchange Server (MES) vulnerabilities by malicious cyber actors. The servers ran on-premises versions of MES, a software used to provide enterprise-level e-mail service. This is unrelated to Microsoft’s 13 April announcement of security updates for additional MES vulnerabilities. View the entire report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Latest Cybersecurity Alerts

CISA guidance informs users on software products which should be secure by design and demand 
Keeping Up Our Guard and Fighting Back Against Cybercrime
Agencies issue update on BlackSuit ransomware group
AHA podcast: The FBI’s Global Fight Against Cybercrime 
Public
Red Cross, America’s Blood Centers, AABB Say U.S. Faces Critical Blood and Platelet Shortages
See all Cybersecurity Alerts

Key Resources

Related Resources

Special Bulletin
Red Cross, America’s Blood Centers, AABB Say U.S. Faces Critical Blood and Platelet Shortages
Public
Advancing Health Podcast
Going International: The FBI's Global Fight Against Cybercrime
Public
Advisory
American Hospital Association and Health-ISAC Joint Threat Bulletin - TLP White
Public
Advisory
Hospitals in Florida, Other States Impacted by Effects of Cyberattack on Blood-donation Nonprofit OneBlood
Member
Advisory
Ransomware Group Warns of Potential Cyberattack
Member
Advisory
New Resources and Offers for AHA Members to Bolster Cybersecurity Efforts
Public