Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft warns of latest malware attack, explains how to avoid secret backdoor

Add as a preferred source on Google

Microsoft has recently discovered another type of malware, named FoggyWeb by Microsoft, that hackers are currently using to remotely steal network admin credentials. The credentials allow the attacker group, which the company has called Nobelium, to hack into admin accounts of the Active Directory Federation Services’ (AD FS) servers and control users’ access to various resources.

Microsoft claims that this is the same group behind the SolarWinds software supply chain attack that was revealed in December.

Privacy security stock photo.
Darwin Laganzon - typographyimages/Pixabay

The malware acts as a backdoor for the hackers and facilitates their remote theft of tokens and certificates from Microsoft’s identity platform.

Recommended Videos

The newly discovered malware is used by the attackers once the server they’re targeting has already been compromised in terms of security. The hacker group uses several tactics to access users’ identities and the necessary infrastructure that is required to take control of their app usage.

Ramin Nafisi of the Microsoft Threat Intelligence Center says: “Nobelium uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificate, and token-decryption certificate, as well as to download and execute additional components”.

“FoggyWeb is a passive and highly targeted backdoor capable of remotely exfiltrating sensitive information from a compromised AD FS server. It can also receive additional malicious components from a command-and-control (C2) server and execute them on the compromised server,” Microsoft adds.

The backdoor that Nobelium manages to get past allows the hacker to access the Security Assertion Markup Language (SAML) token. This token is for assisting users to authenticate apps. Hacking the token permits the attackers to stay inside the network even after regular cleanups. In fact, according to Microsoft, FoggyWeb has been in use since April 2021.

Microsoft has uncovered a number of modules used by Nobelium. These include the GoldMax, GoldFinder, and Sibot components. These were built with the help of other malware that the same group was found guilty of using. These include Sunburst, Solarigate, Teardrop, and Sunspot.

For people who fall prey to the attack, Microsoft recommends auditing on-premise and cloud infrastructure for configurations, and per-user and per-app settings; removing user and app access, reviewing configurations, and reissuing new, strong credentials; and using a hardware security module to prevent FoggyWeb from stealing secrets from AD FS servers.

Dua Rashid
Former Computing Writer
Dua is a media studies graduate student at The New School. She has been hooked on technology since she was a kid and used to…
ChatGPT will now remind teens to take breaks and give parents more controls
New parental controls include Quiet Hours, Study Mode defaults, and alerts for serious account violations.
chatgpt-teen-safety-features

OpenAI wants to make ChatGPT safer for teens, and the changes go well beyond a simple content filter. In a new update, the company laid out its stance on why teens should have access to AI in the first place, arguing that keeping them away from it entirely would leave them unprepared for one of the defining technologies of their generation.

Nearly 90% of teens already use ChatGPT weekly for learning, research, or getting organized, which is why OpenAI says access needs to come paired with real protections built for their age.

Read more
ChatGPT’s new search tool saves you from digging through old chats, files, and images
You can also filter ChatGPT search results by content type.
chatgpt-new-search

If you have ever lost a great ChatGPT answer somewhere in your endless chat history, that headache is finally over. OpenAI has rolled out a major search upgrade that lets you find old chats, projects, documents, and images all from one place.

Before this update, the sidebar search only pulled up past conversations, leaving uploaded files, projects, and generated images completely out of reach. The new search option is now available across web, iOS, and Android, on every ChatGPT plan, including free accounts.

Read more
You can now link your favorite apps to AI Mode in Google Search to get things done
AI Mode now works with Instacart, Canva, and YouTube Music inside Search.
google-search-ai-mode-connect-apps

Google is making AI Mode in Search more useful by letting you connect third-party apps. Starting this week in the US, you can securely connect some of your go-to apps directly to AI Mode, letting Search actually complete tasks for you instead of just answering questions.

This update builds on a similar trick Google already pulled off inside the Gemini app, and now it is landing in Search itself. The initial rollout includes three launch partners, Instacart, Canva, and YouTube Music, with Google saying more app integrations are on the way.

Read more