Blog | G5 Cyber Security

FBI removes web shells from hacked Microsoft Exchange servers

Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States. The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path). This operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks.

Source: https://www.helpnetsecurity.com/2021/04/14/fbi-microsoft-exchange/
