Cyber Threat Report: 'Malicious Activities Linked to the Nobelium Intrusion Set'
| Report Author | ANSSI |
|---|---|
| Publication Date | 2024-06-19 |
| Original Reporting | Source |
| Attributed to Nation | Russia |
| Related Intrusion Sets | APT29 , Midnight Blizzard , NOBELIUM |
| Related Threat Actors | SVR - Russian Foreign Intelligence Service |
| Victim Sectors | Ministries of Foreign Affairs, National Government |
This report by ANSSI, the French 'Agence nationale de la sécurité des systèmes d'information', outlines activity against French diplomatic entities and international IT entities by the Nobelium intrusion set. According to the report, French public organizations were targeted from February to May 2021 using compromised email accounts belonging to the French Ministry of Culture and the National Agency for Territorial Cohesion. In 2022 and 2023 the group targeted European embassies and Ministries of Foreign Affairs using compromised accounts and diplomatic themed phishing emails. In 2023 and 2024 the group, known as 'Midnight Blizzard' since 2023, were linked to incidents impacting Microsoft, Hewlett Packard Enterprise and Jet Brains TeamCity software.
Cyber Threat Graph Context
Explore how this report relates to the wider threat graph