The actor that Microsoft tracks as Midnight Blizzard (NOBELIUM) is a Russia-based threat actor attributed by the US and UK governments as the Foreign Intelligence Service of the Russian Federation, also known as the SVR. Midnight Blizzard (NOBELIUM) is known to primarily target governments, diplomatic entities, NGOs, and IT service providers in primarily the US and Europe. Their focus is to collect intelligence through longstanding and dedicated espionage of foreign interests that can be traced to early 2018 by leveraging the use of identity. Midnight Blizzard (NOBELIUM) is consistent and persistent in their operational targeting and their objectives rarely change. They utilize diverse initial access methods ranging from stolen credentials to supply chain attacks, exploitation of on-premises environments to laterally move to the cloud, exploitation of service providers’ trust chain to gain access to downstream customers, as well as the ADFS malware known as FOGGYWEB and MAGICWEB. Midnight Blizzard (NOBELIUM) is tracked by partner security companies as APT29, UNC2452, and Cozy Bear.
Register now to watch the on-demand web seminar featuring Microsoft Digital Defense Report 2024 insights.
Follow Microsoft Security