Russia-backed NOBELIUM was found deploying the MagicWeb backdoor (for persistence) to target entities in the U.S., Europe, and Asia. The new tools have features similar to the FoggyWeb backdoor, claim experts. The tool requires admin access to the target ADFS server by replacing a DLL with a tainted version.