Microsoft in an alert this week said Nobelium, the Russian state-sponsored group linked to the SolarWinds supply chain hack in 2020, deployed MagicWeb by gaining access to “highly privileged credentials” at an unnamed organization and then moving laterally to gain administrative privileges on an Active Directory Federation Services (AD FS) system. MagicWeb is a malicious DLL that allows manipulation of the claims passed in tokens generated by the AD FS server, giving attackers the ability to “sign in as any user” and bypass multi-factor authentication, Microsoft says.

To safeguard against such attacks, the software giant recommends isolating the AD FS infrastructure, ensuring proper monitoring, limiting access to dedicated admin accounts, and considering a move to a cloud-based solution such as Azure Active Directory for federated authentication. “AD FS is an on-premises server, and as with all on-premises servers, deployments can get out of date and/or go unpatched, and they can be impacted by local environment compromises and lateral movement,” according to the Microsoft advisory.
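Because MagicWeb is a DLL planted on the AD FS server itself, one concrete piece of the “proper monitoring” the advisory calls for is an inventory of the DLLs that server loads, checking their Authenticode signatures and keeping a hash baseline so that a newly added or altered library stands out. The script below is an added example written for this article, not code from Microsoft’s advisory or from the article; the two directories it scans (the default AD FS install directory and the .NET Global Assembly Cache) and the baseline file location are assumptions to adjust for your own deployment. Run it from an elevated session on the AD FS server, and treat a trusted signature as necessary but not sufficient: the point of the baseline is to surface change, and results from a host you suspect is compromised should be cross-checked against a copy of the inventory kept elsewhere.

```powershell
# Added example (not the advisory's or the article's code): inventory DLLs in the
# directories an AD FS server loads code from, flag any without a valid Authenticode
# signature, and diff the SHA-256 hashes against a saved baseline.
$Paths = @(
    'C:\Windows\ADFS',                    # default AD FS install directory (assumption)
    'C:\Windows\Microsoft.NET\assembly'   # .NET 4.x Global Assembly Cache (assumption)
)
$BaselineFile = 'C:\ProgramData\adfs-dll-baseline.csv'   # baseline location (assumption)

# Build the current inventory: path, hash, signature status and signer for every DLL.
$inventory = foreach ($p in $Paths) {
    Get-ChildItem -Path $p -Filter '*.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path     = $_.FullName
                Sha256   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Status   = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError, ...
                Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Modified = $_.LastWriteTimeUtc
            }
        }
}

# 1. Unsigned DLLs, or DLLs whose signature no longer matches the file, warrant review
#    in these directories regardless of what the baseline says.
$suspect = @($inventory | Where-Object { $_.Status -ne 'Valid' })
Write-Host "DLLs without a valid signature: $($suspect.Count)"
$suspect | Format-Table Status, Modified, Path -AutoSize

# 2. Compare against the saved baseline: report paths that are new or whose hash changed.
if (Test-Path $BaselineFile) {
    $known = @{}
    foreach ($b in Import-Csv -Path $BaselineFile) { $known[$b.Path] = $b.Sha256 }
    $changed = @($inventory | Where-Object {
        -not $known.ContainsKey($_.Path) -or $known[$_.Path] -ne $_.Sha256
    })
    Write-Host "DLLs new or changed since baseline: $($changed.Count)"
    $changed | Format-Table Status, Signer, Modified, Path -AutoSize
} else {
    # First run: record the baseline so later runs have something to diff against.
    $inventory | Export-Csv -Path $BaselineFile -NoTypeInformation
    Write-Host "No baseline found; wrote $($inventory.Count) entries to $BaselineFile"
}
```

Re-run the script on a schedule and after every patch cycle; an expected update shows up as a batch of changed, validly signed files with a known signer, while a single new or unsigned DLL in the AD FS directory or the GAC is the kind of anomaly that should be escalated and correlated with sign-in logs for the same period.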