Security News > 2021 > September > Microsoft: Nobelium uses custom malware to backdoor Windows domains
Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services servers.
The malware, dubbed by Microsoft Threat Intelligence Center researchers FoggyWeb, is a "Passive and highly targeted" backdoor that abuses the Security Assertion Markup Language token.
"NOBELIUM uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificate, and token-decryption certificate, as well as to download and execute additional components," Microsoft said.
Microsoft has already alerted notified customers that were targeted or compromised using this backdoor.
In May, Microsoft researchers also revealed four other malware families used by Nobelium in their attacks: a downloader known as 'BoomBox,' an HTML attachment named 'EnvyScout,' a shellcode downloader and launcher named 'VaporRage,' and a loader known as 'NativeZone,'.
"They detailed three more Nobelium malware strains used for layered persistence in March: a command-and-control backdoor dubbed 'GoldMax,' a persistence tool and malware dropper named 'Sibot," and an HTTP tracer tool tracked as 'GoldFinder.
News URL
Related news
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)