October 11, 2021
FoggyWeb is malware developed by a threat group known as Nobelium. Security experts believe Nobelium to be affiliated with the Russian government. FoggyWeb was used as a stepping stone to gain access to SolarWinds in order to breach the US Government.
You can read Microsoft’s analysis, which details how the malware operates and how the deployment of its numerous components results in complete compromise of your network.
The best course of action for stopping this malware’s spread in your network is to remove the ADFS role from any domain controllers. If that is not possible, move any keys to an HSM to prevent your Active Directory’s security from being compromised further.
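To find which domain controllers actually carry the ADFS role before removing it, the following PowerShell check is an added example (not from the original post or from Microsoft's analysis); it assumes it is run from a domain-joined server with the ActiveDirectory and ServerManager modules and rights to query the DCs remotely.

```powershell
# Added example: enumerate domain controllers and report any that also have
# the AD FS role (feature name ADFS-Federation) installed.
Import-Module ActiveDirectory
Import-Module ServerManager

function Get-DCsWithAdfsRole {
    # Every DC in the current domain (assumes RSAT AD module is available)
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        # Query the remote server's installed features; skip hosts that do not answer
        $feature = Get-WindowsFeature -Name ADFS-Federation -ComputerName $dc.HostName -ErrorAction SilentlyContinue
        [pscustomobject]@{
            HostName      = $dc.HostName
            AdfsInstalled = [bool]($feature -and $feature.Installed)
        }
    }
}

# Only the DCs that need the role removed (or their keys moved to an HSM)
Get-DCsWithAdfsRole | Where-Object { $_.AdfsInstalled } | Format-Table -AutoSize

# Removal itself, once the federation service has been migrated off the DC:
#   Uninstall-WindowsFeature -Name ADFS-Federation -ComputerName <hostname>
```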