Connect with us
Nobelium Group Used FoggyWeb Backdoor to Attack Active Directory FS Nobelium Group Used FoggyWeb Backdoor to Attack Active Directory FS

Security

Nobelium Group Used FoggyWeb Backdoor to Attack Active Directory FS Servers

Published

on

The malware was used to install payloads and steal confidential information from servers.

Microsoft specialists told details on the malware FoggyWeb, operated by the Nobelium hacker group (also known as APT29, The Dukes or Cozy Bear), which was responsible for the attack on SolarWinds’ supply chain last December. The malware was used in attacks to install additional payloads and steal confidential information from Active Directory Federation Services (AD FS) servers.

The tech giant’s Threat Intelligence Center (MSTIC) team has linked the FoggyWeb backdoor to the Nobelium faction. FoggyWeb complements the list of cyber-grouping tools including Sunburst, Sunspot, Raindrop, Teardrop, GoldMax, GoldFinder, Sibot, Flipflop, NativeZone, EnvyScout, BoomBox, and VaporRage.

“Once Nobelium steals credentials and successfully breaks into a server, the group persists and travels across the network using sophisticated malware and tools. Nobelium uses FoggyWeb to remotely steal the configuration database of compromised AD FS servers, the decrypted token signing certificate and the token decryption certificate, and to download and execute additional components, ”the experts explained.

FoggyWeb is capable of transmitting sensitive information from a compromised AD FS server, as well as receiving and executing additional malicious payloads received from a grouping-controlled server. The malware is also designed to track all incoming HTTP GET and POST requests sent to the server from the company’s internal network and intercept HTTP requests.

Click to comment

Leave a Reply

Your email address will not be published.

Security

Is Elon Musk’s Satellite Internet Under Threat? Enthusiast Hacked Starlink User Terminal

Published

on

Is Elon Musks Satellite Internet Under Threat Enthusiast Hacked Starlink

At the Black Hat Security Technology Conference recently held in Las Vegas, Lennert Wouters, a cybersecurity specialist from KU Leuven (Belgium), shared his experience of successfully hacking Starlink user equipment. True, this was not a classic software hack, since the researcher had to make a so-called “modchip”.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

The cost of manufacturing a chip connected to a Starlink subscriber terminal was $25. The chip caused a short-term short circuit, which disabled the built-in protection systems, after which the specialist gained access to the terminal. And already from it you can run any commands.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

Our attack could render Starlink user terminals unusable and allow us to execute arbitrary code.”Wouters said.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

This is what the Starlink terminal looks like

According to the researcher, the only reliable way to avoid such an attack is to create a new version of the main “dish” chip. Other ways to fix the problem. However, this hacking option provides direct access to subscriber equipment, and this is not the easiest option, but the Starlink system, apparently, is well protected from remote hacking. So its users hardly need to worry.

Continue Reading

Security

Hackers hacked Europe’s largest missile manufacturer

Published

on

Hackers hacked Europes largest missile manufacturer

Unknown hackers, acting under the nickname Adrastea, hacked into the database of the largest European missile manufacturer – MBDA, formed as a result of the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.

Hackers hacked Europe's largest missile manufacturer

The attackers’ message about gaining access to the company’s network appeared on one of the forums. As evidence, a link to an archive with demo files was attached.

The total amount of stolen data was estimated by hackers at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc..) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.”, the hackers wrote.

Adrastea is ready to discuss the cost of the stolen data array. MBDA has not yet commented on the incident.

MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.

Continue Reading

Security

Samsung is ahead of the curve again. The company released the August security patch for three flagship lines at once

Published

on

Samsung is ahead of the curve again The company released

Samsung was the first company in the market to release the August security patch for its smartphones. Moreover, for three flagship lines at once: Galaxy S20, S21 and S22.

Samsung is ahead of the curve again.  The company released the August security patch for three flagship lines at once

Today, owners of these smartphones in Germany began to receive updates, including a security patch. Usually, users from other countries do not have to wait long. The August security patch fixes dozens of vulnerabilities, so it’s quite important.

Samsung has sometimes been ahead of even Google in recent years, releasing security patches earlier and offering longer support for its flagships, although just three or four years ago, Samsung was almost the worst in this matter.

Continue Reading

Most Popular