APT29 aka Nobelium, Cozy Bear

Nobelium, also known as APT29 or Cozy Bear, is a cyber espionage group believed to be operated by the Russian government (Foreign Intelligence Service of the Russian Federation). It is known for conducting sophisticated, targeted cyber attacks against governments, non-governmental organizations, businesses, think tanks, the military, IT service providers, health technology and research organizations, telecommunications providers and other organizations.

Nobelium typically uses spearphishing campaigns and other tactics to gain initial access to target networks, and then uses a range of tools and techniques to move laterally within the network and exfiltrate sensitive data. The group is known for its ability to operate covertly and evade detection for extended periods of time.

The group has been active since at least 2004, and it has been linked to a number of high-profile cyberattacks, including the SolarWinds hack in 2020, which affected numerous government agencies and private companies in the United States.

For more details, you can read this article in which our TDR team reports on a campaign linked to Nobelium. 
