Eight Microsoft Detection and Response Team analysts, along with members of the customer's cybersecurity team, gathered in a customer's conference room to investigate a cybersecurity mystery. This attack, known as MagicWeb, was conducted by a Russia-based nation-state hacking group called NOBELIUM. Microsoft DART and the Microsoft Threat Intelligence Center use trillions of security signals to detect potential threats and alert organizations that could be at risk. Microsoft directly notifies customers that have been targeted or compromised, providing them with the information they need to secure their accounts. The team discovered that NOBELIUM was using a compromised dynamic link library that lived in an obscure Global Assembly Cache, which allowed the attacker to authenticate as anyone in the targeted network and maintain persistent access. Microsoft's Cyberattack Series provides customers with insight into how Microsoft incident responders investigate unique and notable exploits. To learn more about Microsoft Security solutions, visit their website.
This Cyber News was published on www.microsoft.com. Publication date: Thu, 09 Feb 2023 18:01:03 +0000