MagicWeb Mystery Highlights Nobelium Attacker’s Sophistication

Microsoft has tracked down a sophisticated authentication bypass for Active Directory Federated Services (AD FS), pioneered by the Russia-linked Nobelium group. The malware that allowed the authentication bypass — which Microsoft called MagicWeb — gave Nobelium the ability to implant a backdoor on the unnamed customer’s AD FS server, then use specially crafted certificates to bypass the normal authentication process. Microsoft incident responders collected data on the authentication flow, capturing the authentication certificates used by the attacker, and then reverse-engineered the backdoor code.

https://www.darkreading.com/vulnerabilities-threats/magicweb-mystery-highlights-nobelium-attacker-sophistication?&web_view=true

Customer Reviews

5
0%
4
0%
3
0%
2
0%
1
0%
0
0%

    Leave a Reply

    Thanks for submitting your comment!

    This site uses Akismet to reduce spam. Learn how your comment data is processed.