New Russian Malware 'MagicWeb' Allows Hackers To Trick Windows Login
Microsoft has discovered new malware, dubbed 'MagicWeb', from the Russian state-sponsored hacking group APT29 (also known as Nobelium or Cozy Bear). 'MagicWeb' improves on the older tool 'FoggyWeb', which allowed hackers to exfiltrate the configuration database of compromised Active Directory Federation Services (ADFS) servers and to retrieve malware payloads from a remote command and control server. 'MagicWeb' adds the ability to manipulate user authentication certificates by replacing a legitimate DLL used by ADFS servers with a malicious version.