��

FBI TLP White PIN: FBI Disrupts Cyber Actors’ Exploitation of Microsoft Exchange Server Vulnerabilities April 13, 2021

April 13, 2021

PIN Number
20210413-002

On 13 April 2021, the Federal Bureau of Investigation (FBI) conducted a court-authorized operation to remove hundreds of malicious web shells from vulnerable servers in the United States in response to the widespread exploitation of critical Microsoft Exchange Server (MES) vulnerabilities by malicious cyber actors. The servers ran on-premises versions of MES, a software used to provide enterprise-level e-mail service. This is unrelated to Microsoft’s 13 April announcement of security updates for additional MES vulnerabilities. View the entire report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi

Learn more about AHA's Cybersecurity and Risk Advisory Services

Latest Cybersecurity Alerts

Apr 25, 2025

Episode 8: The Missing Link In Healthcare Cybersecurity Programs

Apr 17, 2025

CISA releases guidance following reported legacy Oracle cloud breach

Apr 10, 2025

Agencies issue guidance on navigating deceptive online recruitment of current and former federal employees

Apr 3, 2025

[Updated] 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025

Apr 1, 2025

House subcommittee holds hearing on cybersecurity vulnerabilities in legacy medical devices

See all Cybersecurity Alerts

FBI TLP White PIN: FBI Disrupts Cyber Actors’ Exploitation of Microsoft Exchange Server Vulnerabilities April 13, 2021