Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎08-29-2022 11:24 PM
‎08-29-2022 11:24 PM

Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows

Hi All

 

"Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network.

As a state-sponsored cyberespionage actor, APT29 employs the new capability to hide their presence on the networks of their targets, typically government and critical organizations across Europe, the U.S., and Asia."

 

https://www.bleepingcomputer.com/news/security/microsoft-russian-malware-hijacks-adfs-to-log-in-as-a...

 

An interesting read on this attack.

 

Regards

 

Caute_Cautim

Reply
1 Reply
denbesten
Community Champion
‎08-30-2022 10:32 AM
‎08-30-2022 10:32 AM

Saw that.  "replaces a legitimate DLL used by ADFS with a malicious version" is the bit I can not get past.  If the bad actor has gained the necessary permissions to replace a DLL, it seems like we have already reached "game over".  Does not really matter what they do after that.  The machine is compromised and all data processed by it needs to be presumed disclosed.

Reply