Microsoft: Nobelium APT using post-exploitation backdoor dubbed FoggyWeb to attack ADFS servers. Malware is designed to steal data and maintain network persistence on victims’ networks. The attacks started as far back as April, Microsoft researchers say. Microsoft has recommended several mitigation actions for organizations, including removing user and app access, reviewing configurations for each, and re-issuing new, strong credentials; and using a hardware security module to prevent the exfiltration of sensitive data.”]
Source: https://threatpost.com/solarwinds-active-directory-servers-foggyweb-backdoor/175056/