Caute_cautim
Community Champion

Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows

Hi All

"Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network.

As a state-sponsored cyberespionage actor, APT29 employs the new capability to hide their presence on the networks of their targets, typically government and critical organizations across Europe, the U.S., and Asia."

https://www.bleepingcomputer.com/news/security/microsoft-russian-malware-hijacks-adfs-to-log-in-as-a...

An interesting read on this attack.

Regards

Caute_Cautim

1 Reply
denbesten
Community Champion

Saw that. "replaces a legitimate DLL used by ADFS with a malicious version" is the bit I cannot get past. If the bad actor has gained the necessary permissions to replace a DLL, it seems like we have already reached "game over". Does not really matter what they do after that. The machine is compromised and all data processed by it needs to be presumed disclosed.