Cloud Threat Landscape
🐻

APT29

Aliases

APT29 (Mandiant), CozyBear (CS), NOBELIUM (MS), YTTRIUM (MS), UNC2452 (Mandiant), Midnight Blizzard (MS), ATK7, Blue Kitsune, BlueBravo, Cloaked Ursa, G0016, Grizzly Steppe, Group 100, IRON HEMLOCK, ITG11, Minidionis, Nobelium, SeaDuke, TA421, The Dukes, UAC-0029

Tags
State-Sponsored
Attribution
🇷🇺/SVR
Incidents
APT29 targeting Microsoft 365, APT29 TeamCity campaign, Solarigate: Solarwinds supply chain attack, Microsoft email exfiltration by Nobelium, APT29 Targeting Zimbra and TeamCity Servers
Last edited
Oct 14, 2024 1:40 PM
Status
Finalized
Cloud-fluent
Unique Tools
SUNBURST, TEARDROP
Targeted geography
United States/North America
Targeted industries
Military, Telecommunication, Technological, Healthcare/Medical, Diplomatic

Nobelium, also known as APT29, is a cyber espionage group believed to be operated by the Russian government, specifically the Foreign Intelligence Service of the Russian Federation. This group is known for executing sophisticated and targeted cyber attacks against a wide range of entities, including governments, non-governmental organizations, businesses, think tanks, military institutions, IT service providers, health technology and research organizations, and telecommunications providers. Nobelium typically initiates attacks through spearphishing campaigns and employs various tactics to gain initial access to target networks. Once inside, the group uses an array of tools and techniques to move laterally and exfiltrate sensitive data, demonstrating a high level of skill in operating covertly and evading detection over long periods. Nobelium’s Envyscout infection chain is known for hiding in the registry, specifically targeting embassies. Active since at least 2004, the group has been linked to numerous high-profile cyberattacks, most notably the SolarWinds hack in 2020, which impacted multiple government agencies and private companies in the United States.

Last Updated: April 3, 2025