APT29 targets Active Directory Federation Services with stealthy backdoor

Security researchers have recently seen a notorious cyberespionage group with ties to the Russian government deploy a new backdoor that's designed to hook into Active Directory Federation Services (AD FS) and steal configuration databases and security token certificates.

In a new report, Microsoft attributes the malware program, called FoggyWeb, to a group the company tracks as NOBELIUM, which is also known in the security industry as APT29 or Cozy Bear. This same group was behind the SolarWinds supply chain compromise last year that resulted in corporate networks being compromised through Trojanized software updates. The group is considered the hacking arm of Russia's foreign intelligence service, the SVR, and is known for its high level of sophistication and stealth.
