Microsoft warns: Active Directory FoggyWeb malware being actively used by Nobelium gang

Microsoft has warned of a new tool designed to exfiltrate credentials and introduce a backdoor into Active Directory servers that is under active use by the Nobelium threat actor group. The FoggyWeb malware, Microsoft has declared, is designed to target Microsoft Active Directory Federation Services (AD FS) servers, …

  1. Pascal Monett Silver badge
    FAIL

    Microsoft Active Directory

    It was only a matter of time before it became an active threat.

    Even the Borkzilla specialist wants you to migrate to something else.

    Telling.

    1. Anonymous Coward

      Re: Microsoft Active Directory

      This isn't Active Directory. It's Federation Services, the FS part in ADFS. They want you moving to Azure AD, which has the functionality of ADFS, for example AD Connect.

      Obvious reason why they want that and are not providing a similar solution on prem: it's not over security concerns.

      1. J. Cook Silver badge

        Re: Microsoft Active Directory

        For Azure, there's actually two different things:

        Azure ADFS, which is essentially a hosted version of ADFS that runs on your AzureAD tenant. If someone is moving from on-prem ADFS to Azure, they'll support configuring it, but not really recommend it because, from what I was told, it's as much of a pain to set up and manage as the on-prem product.

        AzureAD Connect, which is different enough that it's a separate product and SKU, but included with the AzureAD subscription. It also has hooks (more or less) built in for most products that support the SAML SSO specs.

        Microsoft still has support for ADFS in Server 2019, but they really are pushing companies to move to Azure, because 'recurring revenue'.

    2. Anonymous Coward

      Re: Microsoft Active Directory

      Nothing about fixing the security hole?

  2. bombastic bob Silver badge
    Unhappy

    so THAT is why I have been getting more e-mail-spam lately

    From the article: More recently the group succeeded in a phishing attack on Microsoft's support desk, retrieving private customer data which the company confirmed included "information regarding... Microsoft Services subscriptions" and was used "in some cases" to launch further "highly-targeted attacks as part of [a] broader campaign."

    Does 'a broader campaign' include (at times) a dozen or more (lame) spear-phishing e-mails per day with the usual payloads and malicious links? The frequency of these things has gone up tenfold over the last couple of weeks... on the e-mail address I use with my (soon to expire, and I may not renew) MSDN subscription.

    (Good thing I do not open the obvious malicious attachments nor view as HTML on a Windows-based mail reader.)

  3. amanfromMars 1 Silver badge

    There has been major eventful development ... for media to deal with

    The FoggyWeb malware, Microsoft has declared, is designed to target Microsoft Active Directory Federation Services (AD FS) servers, exfiltrating credentials, configuration databases, decrypted token-signing and token-decryption certificates, and to download additional components to set up a permanent backdoor and attack the network more widely.

    And what would Microsoft like to do with Variants that enhance networks widely everywhere?

    That wouldn't be an attack whenever Virtually a Future AIdDevelopment for toasting and roasting and hosting live beta testing with Microsoft AD FS servering ACTive Assets for Browser Deployments/Systems Engagements ......... A Heavenly Captivating Capture to Surrender and Submit Wholeheartedly to for the Benefits Derived from an Immaculate Satisfaction Borne of the Bond Presenting and Pioneering Perfect Happiness.

    I Kid U Not :-)

    Would that require one make and/or take a Quantum Leap ‽ . :-) for Ennobling and Enabling Nobel Prize Territory Gains ........ Providing Genius Advantage ‽ .

    El Regers would certainly surely like and love to know ........ given what is So Clearly Offered ‽ .

    1. MyffyW Silver badge

      Re: There has been major eventful development ... for media to deal with

      @amanfrommars1 have an upvote for the use of multiple interrobangs. Can there be a brighter start to one's day(‽)

  4. Lorribot

    We need a modern OS that is secure by default and no it isn't your favourite Linux distro.

    "remove unnecessary protocols and Windows features."

    So that is over to MS to actually supply an out-of-the-box version of Windows Server that has nothing but the basics installed and active and complies with a basic security model without having to apply a bunch of group policies.

    Before you say Core is cool, it still has the print spooler service running and a ton of other stuff that even MS does not know what would break if they turned it off.

    Windows needs a ground-up x64 or, even better, a proper 64-bit rewrite without all the backwards compatibility. Yes, it is a pain, but even all the Linux distros have their bundled detritus and, as Mac users have found, if it is used by enough people the bad guys will be interested, and if it is one guy supporting that open source library against a nation-state group of hackers, I know who will come out on top.

    We use OpenVMS which is stable and does stuff and has never been hacked by anyone because it isn't worth the effort, but support is a err yes it is supported by a company that charges, not sure how they would fare against Nobelium.

      1. Anonymous Coward

      Re: We need a modern OS that is secure by default and no it isn't your favourite Linux distro.

      "Before you say Core is cool, it still has the print spooler service running"

      No it doesn't. I have a core print server and had to add the print server feature. Until you do this, the spooler service is not in the registry.
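      The two commenters disagree about whether a Server Core install has the spooler at all. Rather than argue it, a defender can audit the host. The script below is an added example, not code from either commenter or from Microsoft; it assumes it runs elevated on Windows Server with the ServerManager module available (Get-WindowsFeature), and that the service object exposes StartType (PowerShell 5 or later). It checks the registry key the comment refers to, the live service state, and whether the Print Server role is installed, then lists every installed feature so the "remove unnecessary Windows features" advice from the article can be acted on.

      ```powershell
      # Added example (not from the thread): audit a Windows Server host for the
      # print spooler and the Print Server role. Per the comment above, on Server
      # Core the Spooler service only appears in the registry once the
      # Print Server feature has been added.
      # Assumes: elevated session, ServerManager module present, PowerShell 5+.

      function Get-SpoolerExposure {
          $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Spooler'
          $result = [ordered]@{
              SpoolerRegistered = Test-Path $svcKey      # registry entry the comment mentions
              SpoolerState      = $null                  # Running / Stopped, if the service exists
              SpoolerStartType  = $null                  # Automatic / Manual / Disabled
              PrintServerRole   = $null                  # Installed / Available / Removed
          }

          $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
          if ($svc) {
              $result.SpoolerState     = $svc.Status.ToString()
              $result.SpoolerStartType = $svc.StartType.ToString()
          }

          $feature = Get-WindowsFeature -Name Print-Server -ErrorAction SilentlyContinue
          if ($feature) {
              $result.PrintServerRole = $feature.InstallState.ToString()
          }

          return [pscustomobject]$result
      }

      # Every installed role/feature: the list to review against "remove
      # unnecessary protocols and Windows features".
      function Get-InstalledFeatureList {
          Get-WindowsFeature |
              Where-Object { $_.Installed } |
              Select-Object Name, DisplayName, FeatureType
      }

      $exposure = Get-SpoolerExposure
      $exposure | Format-List

      # Flag the case the thread is arguing about: a spooler that is registered
      # and running on a host that was never meant to serve printers.
      if ($exposure.SpoolerRegistered -and
          $exposure.SpoolerState -eq 'Running' -and
          $exposure.PrintServerRole -ne 'Installed') {
          Write-Warning ('Spooler is running but the Print Server role is not installed; ' +
                         'if this host does not print, run: ' +
                         'Stop-Service Spooler; Set-Service Spooler -StartupType Disabled')
      }

      Get-InstalledFeatureList | Format-Table -AutoSize
      ```

      A host that reports SpoolerRegistered as False is the state the reply describes; a host that reports it True with the role Available rather than Installed is the state the parent post complains about, and the warning line gives the minimal hardening step without uninstalling anything.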

    2. Pirate Dave Silver badge
      Pirate

      Re: We need a modern OS that is secure by default and no it isn't your favourite Linux distro.

      A ground-up rewrite of Windows would just open an entire new, and hitherto unknown, set of vulnerabilities for the Bad Guys to dive into. This is Microsoft; it would happen. Might even be "worse" on the other side than what we've got now, and would take another 10 years to get back to here. This is what happens when the Marketing department gets equal footing with the Engineering department.

      Maybe it's time to move back to Banyan Vines? lol.

      1. captain veg Silver badge

        Re: This is Microsoft, it would happen.

        Windows 95 was billed as a ground-up rewrite, but it turned out to be Win32S (i.e. Windows 3.1) with a new shell, and DOS 6 repackaged as WINBOOT.SYS. Nevertheless, it made Bill Gates insanely rich.

        -A.

    3. sabroni Silver badge
      Happy

      Re: We need a modern OS that is secure by default and no it isn't your favourite Linux distro.

      Upvoted for the title. Freetards up and down the country choking on their cornflakes in outrage!

    4. hoola Silver badge

      Re: We need a modern OS that is secure by default and no it isn't your favourite Linux distro.

      Maybe remove the networking stack, that would secure it........

      Just thinking of the possibilities.

      Whatever, Microsoft are pushing heavily to get people onto Azure AD. Their goal is everything subscription, including the directory, and as much as possible hosted in Azure. That way there is absolutely no possibility of avoiding licensing costs, making do with older hardware, etc.

      The goal has been clear for some years with the way Exchange has morphed into Exchange Online and Office 365 (now M365).

      They won't deprecate on-prem AD for some time to come, but eventually the point will be reached where you will be unable to do anything without an Internet connection and Azure AD.

        1. Anonymous Coward

        Re: We need a modern OS that is secure by default and no it isn't your favourite Linux distro.

        "They won't deprecate on-prem AD for some time to come ... "

        They just haven't released the malware for it yet - malware which will be so horrendous and do such awful things, that the only advice MS will be able to give will be "abandon running AD on-prem and move to Azure AD, ASAP". It will probably exploit extremely delicately crafted holes that only MS knows about. But that's a few years out. For now, we get to continue to (mostly) own our directory.

    5. teknopaul

      Re: We need a modern OS that is secure by default and no it isn't your favourite Linux distro.

      Written in Rust please.

      1. captain veg Silver badge

        Re: We need a modern OS that is secure by default and no it isn't your favourite Linux distro.

        Windows is written in cruft. Is that close enough?

        -A.

  5. theBatman

    Pah! Thespians.

    They're not to be trusted.

  6. Doctor Evil
    Joke

    FTFY

    Chief security adviser Roger Halbheer says best protection is to 'get off AD FFS'
