This article has been indexed from CSO Online
Security researchers have recently seen a notorious cyberespionage group with ties to the Russian government deploy a new backdoor that’s designed to hook into Active Directory Federation Services (AD FS) and steal configuration databases and security token certificates.
In a new report, Microsoft attributes the malware program called FoggyWeb to a group the company tracks as NOBELIUM, but which is also known in the security industry as APT29 or Cozy Bear. This same group was behind the SolarWinds supply chain compromise last year that resulted in corporate networks being compromised through Trojanized software updates. The group is considered the hacking arm of Russia’s foreign intelligence service, the SVR and is known for its high level of sophistication and stealth.
Read the original article: APT29 targets Active Directory Federation Services with stealthy backdoor