The malware was used to install payloads and steal confidential information from servers.
Microsoft specialists have shared details about the FoggyWeb malware operated by the Nobelium hacker group (also known as APT29, The Dukes or Cozy Bear), which was responsible for the attack on SolarWinds’ supply chain last December. The malware was used in attacks to install additional payloads and steal confidential information from Active Directory Federation Services (AD FS) servers.
The tech giant’s Threat Intelligence Center (MSTIC) team has attributed the FoggyWeb backdoor to Nobelium. FoggyWeb joins the list of the group’s tools, which includes Sunburst, Sunspot, Raindrop, Teardrop, GoldMax, GoldFinder, Sibot, Flipflop, NativeZone, EnvyScout, BoomBox, and VaporRage.
“Once Nobelium steals credentials and successfully breaks into a server, the group persists and travels across the network using sophisticated malware and tools. Nobelium uses FoggyWeb to remotely steal the configuration database of compromised AD FS servers, the decrypted token signing certificate and the token decryption certificate, and to download and execute additional components,” the experts explained.
FoggyWeb is capable of exfiltrating sensitive information from a compromised AD FS server, as well as receiving and executing additional malicious payloads from a server controlled by the group. The malware is also designed to monitor all incoming HTTP GET and POST requests sent to the AD FS server from the company’s internal network and to intercept those HTTP requests.
Is Elon Musk’s Satellite Internet Under Threat? Enthusiast Hacked Starlink User Terminal
At the Black Hat security conference recently held in Las Vegas, Lennert Wouters, a cybersecurity researcher from KU Leuven (Belgium), described how he successfully hacked Starlink user equipment. Admittedly, this was not a classic software hack, since the researcher had to build a so-called “modchip”.
The chip he attached to a Starlink subscriber terminal cost about $25 to make. The chip induces a brief short circuit that disables the terminal’s built-in protections, after which the researcher gained access to the terminal, from which arbitrary commands can then be run.
“Our attack could render Starlink user terminals unusable and allow us to execute arbitrary code,” Wouters said.
According to the researcher, the only reliable way to prevent such an attack is to produce a new version of the main chip in the “dish”; he does not see other ways to fix the problem. However, this attack requires direct physical access to the subscriber equipment, which is not easy to obtain, and the Starlink system appears to be well protected against remote compromise. So its users hardly need to worry.
Hackers hacked Europe’s largest missile manufacturer
Unknown hackers, acting under the nickname Adrastea, broke into the database of Europe’s largest missile manufacturer, MBDA, which was formed by the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.
The attackers’ message claiming access to the company’s network appeared on one of the forums. As evidence, a link to an archive of sample files was attached.
The hackers estimated the total amount of stolen data at 60 GB. “The uploaded data contains confidential and classified information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc.) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.),” the hackers wrote.
Adrastea says it is ready to negotiate a price for the stolen data. MBDA has not yet commented on the incident.
MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.
Samsung is ahead of the curve again. The company released the August security patch for three flagship lines at once
Samsung was the first company on the market to release the August security patch for its smartphones, and for three flagship lines at once: Galaxy S20, S21 and S22.
Today, owners of these smartphones in Germany began receiving updates that include the security patch; users in other countries usually do not have to wait long. The August security patch fixes dozens of vulnerabilities, so it is quite important.
In recent years Samsung has sometimes been ahead of even Google, releasing security patches earlier and offering longer support for its flagships, although just three or four years ago Samsung was among the worst in this respect.