NOBELIUM: FoggyWeb backdoor targets Active Directory Federation Services

Written by: Vikram Navali, Senior Technical Product Manager

Microsoft has published an in-depth analysis of a newly detected malware referred to as FoggyWeb. This post-exploitation backdoor can remotely exfiltrate sensitive information from a compromised Active Directory Federation Services (AD FS) server. The research team at Microsoft has observed that NOBELIUM, the actor behind the SUNBURST backdoor, TEARDROP malware, and related components, has used FoggyWeb since April 2021.