Microsoft yesterday released its study of a new, persistent, post-exploitation backdoor, "FoggyWeb," used by the Nobelium threat group. FoggyWeb is used both for exfiltration of victims' data (including the configuration databases of compromised Active Directory Federation Services servers, decrypted token-signing certificates, and token-decryption certificates) and for deploying and executing additional malware payloads. Nobelium is Microsoft's name for the Russian government threat group others call Cozy Bear; it's associated with Russia's SVR foreign intelligence service (and sometimes with the FSB security service). Microsoft's report includes detailed mitigation advice.
Kaspersky researchers have an account of "BloodyStealer," a Trojan currently being sold in darkweb souks catering to criminals. BloodyStealer is hawked as an information stealer for use against gamers on a range of platforms, including Steam, Epic Games Store, and EA Origin. The Trojan is both evasive and resistant to analysis. It's also cheap, going for a monthly subscription of $10 or a lifetime subscription of only $40. BloodyStealer can be used against targets of many kinds, not just gaming platforms, but Kaspersky thinks gamers are likely to figure high on the criminals' hit lists.
Nexusguard describes a distributed denial-of-service attack technique, "BlackStorm," more effective and potentially damaging than the more familiar DNS amplification attacks.
Vice reports that Apple is still investigating iPhone zero-days disclosed by frustrated researcher Habr, and that Cupertino has apologized for its dilatory response to his bug program disclosures.
The Wall Street Journal says a US cryptocurrency expert has pleaded guilty to illegal export of blockchain technology to North Korea.