Microsoft researchers released in-depth analyses of the threat ecology of the Russian-affiliated Nobelium group and how it exploited MagicWeb to perform a complex authentication bypass for Active Directory Federated Services (AD FS). Microsoft first spotted MagicWeb in August 2022, when a Microsoft customer fell victim to a post-compromise capability of MagicWeb.