Nobelium, also known as APT29, is a cyber espionage group that is believed to be operated by the Russian government (Foreign Intelligence Service of the Russian Federation). It is known for conducting sophisticated and targeted cyber attacks against governments and non-governmental organizations, businesses, think tanks, military, IT service providers, health technology and research, telecommunications providers and other organizations.
Nobelium typically uses spearphishing campaigns and other tactics to gain initial access to target networks, and then uses a range of tools and techniques to move laterally within the network and exfiltrate sensitive data. The group is known for its ability to operate covertly and evade detection for extended periods of time.
NOBELIUM’s Envyscout infection chain goes in the registry, targeting embassies.
The group has been active since at least 2004, and it has been linked to a number of high-profile cyberattacks, including the SolarWinds hack in 2020, which affected numerous government agencies and private companies in the United States.
For more details, you can read this article in which our TDR team reports on a campaign linked to Nobelium.