{"id":48148,"date":"2022-08-25T10:57:29","date_gmt":"2022-08-25T10:57:29","guid":{"rendered":"http:\/\/c2e544d5-953b-440b-84c3-c8e78ad23bcf"},"modified":"2022-08-25T10:57:29","modified_gmt":"2022-08-25T10:57:29","slug":"microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/","title":{"rendered":"Microsoft: SolarWinds hackers gain powerful ‘MagicWeb’ authentication bypass"},"content":{"rendered":"
\n
\n
\"Hacker<\/picture><\/div>\n

<\/div>\n

Image: Getty<\/span><\/figcaption><\/figure>\n

Microsoft has warned that the hacking group behind the 2020 SolarWinds supply chain attack have a new technique for bypassing authentication in corporate networks.<\/p>\n

The trick, a highly specialized capability Microsoft calls “MagicWeb”, allows the actors to keep a firm position in a network even as defenders attempt to eject them. However, unlike past attacks by the group, which Microsoft tracks as Nobelium, they are not employing supply chain attacks to deploy MagicWeb, but rather are abusing admin credentials. <\/p>\n

\n

ZDNET recommends<\/h3>\n<\/p><\/div>\n

The US and UK say Nobelium actors are from the hacking unit of the Russian Foreign Intelligence Service (SVR). Nobelium actors have pulled off several high-profile supply chain attacks since compromising the software build systems of SolarWinds in late 2020. That attack compromised 18,000 targets, including several US agencies and tech firms, including Microsoft<\/a>. <\/p>\n

SEE: Hackers are finding ways around multi-factor authentication. Here’s what to watch for<\/a><\/strong><\/p>\n

Since then, Microsoft and other security firms have identified multiple sophisticated tools, such as backdoors, used by Nobelium<\/a> \u2013 and MagicWeb is the latest. MagicWeb targets enterprise identity systems, namely Active Directory Federation Server (AD FS), which means on-premise AD servers versus cloud-based Azure Active Directory. As a result, Microsoft recommends isolating AD FS and restricting access to it.<\/p>\n

Microsoft emphasizes that Nobelium remains “highly active”. Last July, Microsoft revealed it had found info-stealer malware<\/a> from Nobelium on the PC of one of its support agents, which was then used to launch attacks on others. Nobelium actors have also impersonated USAID in spear-phishing campaigns<\/a>. <\/p>\n

In October, Microsoft spotlighted Nobelium attacks on software and cloud service resellers<\/a>, once again abusing the trust between supplier and customer to exploit direct access to customers’ IT systems. <\/p>\n

A month prior to the cloud\/reseller attacks, it exposed a Nobelium tool called FoggyWeb<\/a>, a post-compromise backdoor that collected details from an AD FS to gain token-signing and token-encryption certificates, and to deploy malware. <\/p>\n

MagicWeb employs similar methods by targeting AD FS, but Microsoft says it “goes beyond the collection capabilities of FoggyWeb by facilitating covert access directly.”<\/p>\n

“MagicWeb is a malicious DLL that allows manipulation of the claims passed in tokens generated by an Active Directory Federated Services server. It manipulates the user authentication certificates used for authentication, not the signing certificates used in attacks like Golden SAML.”<\/p>\n

SAML refers to Security Assertion Markup Language, which uses x509 certificates to establish trust relationships between identity providers and services and to sign and decrypt tokens, Microsoft explains.<\/p>\n

Prior to deploying MagicWeb, the actors gained access to highly privileged credentials and then moved laterally on the network to gain admin rights on an AF FS system. <\/p>\n

“This is not a supply chain attack,” Microsoft stressed. “The attacker had admin access to the AD FS system and replaced a legitimate DLL with their own malicious DLL, causing malware to be loaded by AD FS instead of the legitimate binary.” <\/p>\n

The Redmond company’s security teams \u2013 Microsoft’s MSTIC, Microsoft 365 Defender Research, and Microsoft Detection and Response Team (DART) \u2013 found MagicWeb on a customer’s systems. It assesses MagicWeb is used in “highly targeted” attacks. <\/p>\n

SEE: Ransomware: Most attacks exploit these common cybersecurity mistakes – so fix them now, warns Microsoft<\/a><\/strong><\/p>\n

Microsoft is recommending customers keep AD FS infrastructure isolated and accessible only by the dedicated admin accounts, or to migrate to Azure Active Directory. <\/p>\n

Microsoft offers a detailed explanation of how MagicWeb achieves its authentication bypass. The explanation hinges on understanding how AD FS “claims-based authentication” works. Instead of single sign-on for one organization, AD FS can use “claims” (tokens) to let external parties \u2013 customers, partners, and suppliers \u2013 authenticate with single sign-on. <\/p>\n

“MagicWeb injects itself into the claims process to perform malicious actions outside the normal roles of an AD FS server,” explains Microsoft. <\/p>\n

MagicWeb also abuses the SAML x509 certificates that “contain enhanced key usage (EKU) values that specify what applications the certificate should be used for.” EKUs feature Object Identifier (OID) values to support, for example, SmartCard logon. Organizations can also create custom OIDs to narrow certificate usage. <\/p>\n

“MagicWeb’s authentication bypass comes from passing a non-standard Enhanced Key Usage OID that is hardcoded in the MagicWeb malware during an authentication request for a specified User Principal Name,” Microsoft explains. <\/p>\n

“When this unique hard-coded OID value is encountered, MagicWeb will cause the authentication request to bypass all standard AD FS processes (including checks for MFA) and validate the user’s claims. MagicWeb is manipulating the user authentication certificates used in SAML sign-ins, not the signing certificates for a SAML claim used in attacks like Golden SAML.” <\/p>\n

Defenders working at organizations likely to be targeted should review Microsoft’s blog post<\/a> for advice on how to harden networks and protect identity and authentication infrastructure. <\/p>\n

\n

ZDNET recommends<\/h3>\n<\/p><\/div>\n

READ MORE HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Isolate your Active Directory Federation Server, because the Kremlin’s top hackers prize them for authentication after compromising a target’s network.
\nREAD MORE HERE…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-48148","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"\nMicrosoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-25T10:57:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/article\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft: SolarWinds hackers gain powerful ‘MagicWeb’ authentication bypass\",\"datePublished\":\"2022-08-25T10:57:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/\"},\"wordCount\":813,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/\",\"name\":\"Microsoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/\",\"datePublished\":\"2022-08-25T10:57:29+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft: SolarWinds hackers gain powerful ‘MagicWeb’ authentication bypass\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-08-25T10:57:29+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/article\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft: SolarWinds hackers gain powerful ‘MagicWeb’ authentication bypass","datePublished":"2022-08-25T10:57:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/"},"wordCount":813,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/","name":"Microsoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/","datePublished":"2022-08-25T10:57:29+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/#primaryimage","url":"https:\/\/www.zdnet.com\/article\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/","contentUrl":"https:\/\/www.zdnet.com\/article\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft: SolarWinds hackers gain powerful ‘MagicWeb’ authentication bypass"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48148"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48148\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}