New Post-Exploitation Backdoor Called “MagicWeb”

APT29, the Russian cyberespionage organisation behind the damaging supply chain attacks on SolarWinds in 2020, has made headlines once more. The APT29 cyberspies have discovered a new post-exploitation technique that bypasses authentication, according to a technical paper released by Microsoft. The actors were previously tracked by Microsoft as Cozy Bear, Nobelium, and the Dukes.

Microsoft reported that the hackers are using a fresh method of bypassing authentication, which it has named MagicWeb, to target corporate networks. Microsoft’s MSTIC, Microsoft 365 Defender Research, and Microsoft Detection and Response Team (DART) identified MagicWeb on a client’s computer systems. With these extremely advanced capabilities, the hackers may maintain control over the targeted networks even after the defenders make an effort to kick them out.

It’s important to note that this time the hackers are not using supply chain attacks. Instead, they are launching MagicWeb by using unauthorised admin privileges. It is a backdoor that covertly adds enhanced access capabilities, giving the attacker a wider range of options than just data theft.

For instance, the attackers are able to sign in as any user to the device’s Active Directory. MagicWeb is the most recent of the many sophisticated tools, including backdoors, employed by the SolarWinds hackers to be detected and examined by Microsoft.



