Threat Post

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence. The threat actors behind ...
Bleeping Computer

Microsoft: Nobelium uses custom malware to backdoor Windows domains

Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers. Nobelium, the ...
CSOonline

APT29 targets Active Directory Federation Services with stealthy backdoor

Security researchers have recently seen a notorious cyberespionage group with ties to the Russian government deploy a new backdoor that’s designed to hook into Active Directory Federation Services (AD ...
Dark Reading

Microsoft Warns of 'FoggyWeb' Malware Targeting AD FS Servers

The attack group Microsoft tracks as Nobelium is using a new post-exploitation backdoor capable of stealing sensitive data from a compromised Active Directory Federation Services (AD FS) server, the ...
IT News For Australia Business

SolarWinds attackers drop 'FoggyWeb' backdoor on AD SSO servers

Microsoft has published extensive information on new malware it calls FoggyWeb, deployed by Russia-linked threat actors Nobelium who are said to be behind the devastating SolarWinds supply chain ...