
A Custom Malware Is Used by Nobelium APT to Backdoor Windows Domains

Heimdal Security

The Nobelium hacking group is using new malware to deploy additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. It is classified as an advanced persistent threat, APT29, by the US […].


APT trends report Q3 2021

SecureList

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The evidence suggests that the threat actor behind the attack, DarkHalo (aka Nobelium), had spent six months inside OrionIT’s networks to perfect their attack.


APT trends report Q2 2021

SecureList

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. Moreover, we saw ShadowPad detections coincide with FourteenHi variant infections, possibly hinting at a shared operator between these two malware families.


Tomiris called, they want their Turla malware back

SecureList

Our initial report described links between a Tomiris Golang implant and SUNSHUTTLE (which has been associated with NOBELIUM / APT29 / TheDukes) as well as Kazuar (which has been associated with Turla); however, interpreting these connections proved difficult. Actor profile: Tomiris focuses on intelligence gathering in Central Asia.
