Microsoft Warns Of Malware With Persistent Backdoor For Hackers

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Microsoft has uncovered another piece of malware used by the attackers who were behind the SolarWinds software supply chain attack discovered in December.   

Security researchers have discovered numerous modules used by the attack group, which Microsoft calls Nobelium. The US and UK in April officially blamed the attack on the hacking unit of the Russian Foreign Intelligence Service (SVR), which are also known as APT29, Cozy Bear, and The Dukes.  

Microsoft in March uncovered the GoldMax, GoldFinder, and Sibot components from Nobelium, building on other malware from the group including Sunburst/Solarigate, Teardrop and Sunspot.  

SEE: Four months on from a sophisticated cyberattack, Alaska’s health department is still recovering

The newly discovered malware, called FoggyWeb by Microsoft, is a backdoor used by the attackers after a targeted server has already been compromised. 

In this case, the group uses several tactics to steal network usernames and passwords to gain admin-level access to Active Directory Federation Services (AD FS)

Read the article