
Nation State Actors Midnight Blizzard

The actor that Microsoft tracks as Midnight Blizzard (NOBELIUM) is a Russia-based threat actor attributed by the US and UK governments to the Foreign Intelligence Service of the Russian Federation, also known as the SVR. Midnight Blizzard (NOBELIUM) is known to primarily target governments, diplomatic entities, NGOs, and IT service providers, mainly in the US and Europe. Their focus is to collect intelligence through longstanding and dedicated espionage of foreign interests, activity that can be traced to early 2018, by leveraging the use of identity. Midnight Blizzard (NOBELIUM) is consistent and persistent in their operational targeting, and their objectives rarely change. They use diverse initial access methods, ranging from stolen credentials to supply chain attacks, exploitation of on-premises environments to move laterally to the cloud, and exploitation of service providers’ trust chain to gain access to downstream customers, as well as the ADFS malware known as FOGGYWEB and MAGICWEB. Midnight Blizzard (NOBELIUM) is tracked by partner security companies as APT29, UNC2452, and Cozy Bear.

Also known as: APT29, UNC2452, NOBELIUM

Country of origin: Russia

Countries targeted: Global

Industries targeted: Government organizations, Non-government organizations, Think tanks, Military, IT service providers, Health technology and research, Telecommunications provider

Microsoft Threat Intelligence: Recent Midnight Blizzard Articles

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

The final report on NOBELIUM’s unprecedented nation-state attack

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks