Microsoft has warned users about a newly identified piece of malware, which its researchers discovered and named FoggyWeb. Nobody can predict when or where a device will be hit, and this case shows how far an attacker can get once they are inside.
FoggyWeb is dangerous in the way any backdoor is, but it does not break in on its own. It is installed only after the attackers have already obtained administrator credentials for the target server, and what it then steals is the material that lets them impersonate any user that server authenticates. Admin credentials are the most sensitive secret on such a server, and once they are in hostile hands the risk is severe.
Microsoft has also assigned a name to the attacker group: the company calls it Nobelium. The group uses the malware against Active Directory Federation Services (AD FS) servers, the component that issues authentication tokens and thereby controls users' access to federated applications and resources.
Microsoft further states that it is confident this is the same group behind the SolarWinds software supply chain attack disclosed in December 2020. The malware works as a back door: once it is in place, the attackers use it to steal the token-signing and token-decryption certificates from AD FS, and with those certificates they can forge tokens that relying applications will accept as genuine.
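Because the stolen material is the token-signing and token-decryption certificates, the practical response to a suspected FoggyWeb intrusion is to rebuild or clean the AD FS server and then rotate both certificates, so that whatever the attackers exfiltrated no longer validates. The following PowerShell is an added illustration of that rotation, not code from Microsoft's advisory or from the article; it uses the standard ADFS module cmdlets, and the thumbprint values in the manual branch are placeholders that you would replace with the thumbprints of freshly issued certificates.

```powershell
# Added example: audit and rotate AD FS token-signing / token-decryption
# certificates after a suspected compromise. Run in an elevated PowerShell
# session on the primary AD FS server, AFTER the server has been cleaned:
# rotating while the backdoor is still present only hands the attacker the
# new certificates as well.
Import-Module ADFS

# 1. Inventory the certificates AD FS currently trusts. A thumbprint nobody
#    recognises, or a secondary certificate nobody added, deserves a closer look.
Get-AdfsCertificate |
    Where-Object { $_.CertificateType -in 'Token-Signing', 'Token-Decrypting' } |
    Select-Object CertificateType, IsPrimary, Thumbprint,
        @{ n = 'Subject';  e = { $_.Certificate.Subject } },
        @{ n = 'NotAfter'; e = { $_.Certificate.NotAfter } } |
    Format-Table -AutoSize

# 2. Rotate. With AutoCertificateRollover enabled, AD FS generates the new
#    certificates itself; -Urgent promotes them to primary immediately instead
#    of waiting out the normal grace period. Running the pair twice ensures the
#    certificate the attacker holds is gone from the secondary slot as well.
if ((Get-AdfsProperties).AutoCertificateRollover) {
    1..2 | ForEach-Object {
        Update-AdfsCertificate -CertificateType Token-Signing    -Urgent
        Update-AdfsCertificate -CertificateType Token-Decrypting -Urgent
    }
} else {
    # Manually managed certificates: install the replacements in the local
    # machine store first, register them, make them primary, then remove the
    # old ones. The thumbprints below are placeholders.
    $newSigning    = '<thumbprint-of-new-token-signing-certificate>'
    $newDecrypting = '<thumbprint-of-new-token-decrypting-certificate>'
    $old = Get-AdfsCertificate |
        Where-Object { $_.CertificateType -in 'Token-Signing', 'Token-Decrypting' }

    Add-AdfsCertificate -CertificateType Token-Signing    -Thumbprint $newSigning
    Add-AdfsCertificate -CertificateType Token-Decrypting -Thumbprint $newDecrypting
    Set-AdfsCertificate -IsPrimary -CertificateType Token-Signing    -Thumbprint $newSigning
    Set-AdfsCertificate -IsPrimary -CertificateType Token-Decrypting -Thumbprint $newDecrypting

    foreach ($c in $old) {
        Remove-AdfsCertificate -CertificateType $c.CertificateType -Thumbprint $c.Thumbprint
    }
}

# 3. Confirm only the new thumbprints remain.
Get-AdfsCertificate |
    Where-Object { $_.CertificateType -in 'Token-Signing', 'Token-Decrypting' } |
    Select-Object CertificateType, IsPrimary, Thumbprint
```

Rotation on the AD FS side is only half the job: every relying party that trusts the old certificates (Azure AD if the tenant is federated, and any on-premises application consuming the federation metadata) must pick up the new metadata, otherwise either the forged tokens keep working there or legitimate sign-ins start failing. Passwords and the AD FS service account credentials should be reset in the same window, since the backdoor was installed with admin access that a certificate rotation does nothing to revoke.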
FoggyWeb is only one part of the group's toolkit; Nobelium combines it with a range of other tactics to extract sensitive information from servers, and it chooses its targets carefully.
The group does not deploy the malware at random. It installs FoggyWeb only on AD FS servers it has already compromised, typically after obtaining administrator credentials through other means, and then uses the backdoor to deepen and maintain that access.
Ramin Nafisi of the Microsoft Threat Intelligence Center says: “Nobelium is very dangerous, as it uses FoggyWeb to remotely exfiltrate the configuration database; they then use that knowledge to decrypt the token-signing certificate and token-decryption certificate. They also use it to download and execute additional components.”
“FoggyWeb is a very passive and highly targeted backdoor that is acting like malware. It is very dangerous, and it is capable of remotely exfiltrating sensitive information out of a very weak and very compromised AD FS server. It also does not stop there, since it also has the ability to receive additional malicious components from a command-and-control (C2) server,” Microsoft says.