The latest work of the notorious Russian state-associated “NOBELIUM” threat group is an email phishing campaign against multiple countries and sectors, victimizing human rights organizations, governments, and think tanks. The attacks, which began in January 2021, employed a sophisticated combination of legitimate tools and services (e.g. Google Firebase, Constant Contact) and customized malicious tools. NOBELIUM has seemingly soldiered on after its compromise of SolarWinds software in 2020, and continues to show great technical capability by carefully prioritizing targets and altering methods on the fly. NOBELIUM has repeatedly demonstrated the hallmarks of a well-resourced, state-sponsored, advanced persistent threat (APT) group, and will likely continue to mature and strike often in the mid-term future (3–12 months), despite best efforts to strengthen cyberspace government.
