Microsoft: Russia Dominates State-Sponsored Attacks

Russia accounted for the majority of state-sponsored attacks over the past year, with the SolarWinds attackers dominating threat activity, according to Microsoft data. The firm’s Digital…

New APT ChamelGang Targets Russian Energy, Aviation Orgs

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. A new APT…

SAS 2021: ‘Tomiris’ Backdoor Linked to SolarWinds Malware

Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks. Researchers have discovered a campaign delivering a previously unknown backdoor…

NSA and CISA Release Security Tips Regarding VPN Security

The National Security Agency (NSA) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued guidance for strengthening the security of virtual private network (VPN) services. The document was…

Microsoft warns of Nobelium hackers using FoggyWeb backdoor

Microsoft has warned of a new FoggyWeb backdoor being used by Nobelium, the same state-sponsored hacking group believed to be responsible for SolarWinds supply-chain attacks. According to Microsoft, the notorious…

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence.

A Custom Malware Is Used by Nobelium APT to Backdoor Windows Domains

The Nobelium hacking group is using new malware to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers. Cozy Bear is a…