NOBELIUM

Actor Type: Nation State
Attributed to Nation: Russia
Directly Linked Intrusion Sets: APT29, Midnight Blizzard, Cozy Bear, The Dukes
Associated Threat Actor: SVR - Russian Foreign Intelligence Service
Associated MITRE ATT&CK Group: APT29 (G0016)

Microsoft identified NOBELIUM as the attackers behind the 2020 attack against SolarWinds. The group has subsequently been linked to APT29 and Russia's SVR.

Microsoft later changed their threat naming convention and NOBELIUM was renamed to 'Midnight Blizzard'.

NOBELIUM Threat Reports

Report

Midnight Blizzard: Guidance for responders on nation-state attack

Following a compromise of Microsoft corporate systems by Midnight Blizzard which was detected on 12th January 2024, this blog post outlines ...

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.

ATT&CK ID    Title                      Associated Tactics
T1114.002    Remote Email Collection    Collection
T1110.003    Password Spraying          Credential Access