The latest work of the notorious Russian state-associated “NOBELIUM” threat group is an email phishing campaign against multiple countries and sectors, victimizing human rights organizations, governments, and think tanks. The attacks, which began in January 2021, employed a sophisticated combination of legitimate tools and services (e.g. Google Firebase, Constant Contact) and customized malicious tools. NOBELIUM has seemingly soldiered on after its compromise of SolarWinds software in 2020, and continues to show great technical capability by carefully prioritizing targets and altering methods on the fly. NOBELIUM has repeatedly demonstrated the hallmarks of a well-resourced, state-sponsored, advanced persistent threat (APT) group, and will likely continue to mature and strike often in the mid-term future (3–12 months), despite best efforts to strengthen cyberspace government.
The notorious Russia-based ransomware group “REvil” (aka Sodinokibi) has been blamed for the latest high-pr...
Most Recent Flipbooks
Main story: Attackers seize Microsoft zero-day for malware dissemination, espionage
Main story: REvil REturns with new data-leak site
Main story: Russian cyber attacks on Ukraine: Where’s the boom?
Main story: Karakurt Hacking Team moonlights as Conti side business
RaidForums takedown sends cybercriminals scrambling
Carbanak group’s evolution extends to ransomware
Q1 2022: What happened and what lies ahead
Maverick extortionist group Lapsus$ goes after big tech
US executive order pushes for responsible cryptocurrency use
The Russia-Ukraine war has triggered a resurgence of hacktivism around the world
The US government has issued an alert about the Iran-linked "MuddyWater" advanced persistent threat group
Conti ransomware group aims to ascend with new tools, structure
US DoJ arrests shine light on ease and impact of cryptocurrency laundering