MAGICWEB MYSTERY HIGHLIGHTS NOBELIUM ATTACKER'S SOPHISTICATION

Sec Operations
Microsoft has tracked down a sophisticated authentication bypass for Active Directory Federated Services (AD FS), pioneered by the Russia-linked Nobelium group.

The malware that allowed the authentication bypass, which Microsoft called MagicWeb, gave Nobelium the ability to implant a backdoor on the unnamed customer's AD FS server, then use specially crafted certificates to bypass the normal authentication process. Microsoft incident responders collected data on the authentication flow, capturing the authentication certificates used by the attacker, and then reverse-engineered the backdoor code.
Link: https://secoperations.wordpress.com/2023/02/11/magicweb-mystery-highlights-nobelium-attackers-sophistication/

