"Many infected system owners successfully removed the web shells from thousands of computers. Others appeared unable to do so, and hundreds of such web shells persisted unmitigated," the department said.
"This operation removed one early hacking group's remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to US networks."
Despite the operation, those that run Exchange servers are still recommended to follow Microsoft's advice as well as ensure servers are properly patched.
"The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path)," it said.
"This operation was successful in copying and removing those web shells. However, it did not patch any Microsoft Exchange Server zero-day vulnerabilities or search for or remove any additional malware or hacking tools that hacking groups may have placed on victim networks by exploiting the web shells."
Due to each shell having a unique file path and name, the department added it may have been difficult for "individual server owners" to find and remove them. As of the end of March, the department was aware of "hundreds" of shells still working on US servers. Microsoft released its first alerts on the vulnerabilities at the start of March.
The FBI is now attempting to alert server owners that it removed shells from. Affected users with publicly available contact information will receive an "e-mail message from an official FBI e-mail account (@FBI.gov) notifying the victim of the search", and failing that, ISPs will be contacted to provide notice.
"Today's court-authorized removal of the malicious web shells demonstrates the department's commitment to disrupt hacking activity using all of our legal tools, not just prosecutions," Assistant Attorney General for national security John C. Demers said.
"Combined with the private sector's and other government agencies' efforts to date, including the release of detection tools and patches, we are together showing the strength that public-private partnership brings to our country's cybersecurity.
"There's no doubt that more work remains to be done, but let there also be no doubt that the department is committed to playing its integral and necessary role in such efforts."