Cybercrime, Nobelium exploits a new custom malware: Ceeloader
Mandiant cybersecurity experts: The APT (aka UNC2452) also shows two distinct clusters of activity, UNC3004 and UNC2652.
Cyber Espionage, Nobelium uses FoggyWeb as a backdoor
Microsoft cybersecurity experts: The APT exploits it to remotely exfiltrate sensitive information from a compromised AD FS server.
Cyber espionage, NOBELIUM now leverages legitimate mass-mailing service
Microsoft cybersecurity experts: It attempted to target approximately 3,000 individual accounts across more than 150 organizations.