Warning as Microsoft malware attack 'creates backdoor for hackers' to enter servers

MICROSOFT is warning users of malware used by Nobelium, a group of hackers responsible for the SolarWinds software attack last year.

The hacking unit of the Russian Foreign Intelligence Service was officially blamed for the attack by the US and UK back in April.

The malware, known as FoggyWeb by Microsoft, is being described as a “backdoor” for hackers to target a compromised server. 

Using FoggyWeb, cybercriminals will be able to target Active Directory Federation Services (AD FS) service, meaning they’ll be able to obtain important credentials and resources.

Ramin Nafisi of the Microsoft Threat Intelligence Center detailed all the ways the malware can be used to abuse customers’ servers in a blog on the company’s website.

To users who may have been affected, Microsoft urges them to take steps in an effort to protect themselves.

Users are encouraged to check their on-premise and cloud infrastructure for any changes as well as their user and app settings.

Nafisi also recommends that customers remove user and app access and create strong password credentials.

Lastly, a hardware security module (HSM) should be used to prevent FoggyWeb from accessing important information in the AD FS servers.

“Protecting AD FS servers is key to mitigating Nobelium attacks,” said Nafisi. “Detecting and blocking malware, attacker activity, and other malicious artifacts on AD FS servers can break critical steps in known Nobelium attack chains.

Back in May, another Nobelium attack targeted over 3,000 emails accounts belonging to human rights organizations.

Access was gained to the email service used by USAID but most of the attacks were blocked.

We pay for your stories!

Do you have a story for The US Sun team?

Email us at [email protected] or call 212 416 4552.

Like us on Facebook at www.facebook.com/TheSunUS and follow us from our main Twitter account at @TheSunUS

    Source: Read Full Article