Cortex XSOAR for Nobelium Spear Phishing Attacks Rapid Response


On May 27, 2021, Microsoft reported a wide-scale spear phishing campaign attributed to APT29, specifically the associated group Nobelium, the same threat actor responsible for the SolarWinds supply chain campaign named SolarStorm. The campaign targeted approximately 3,000 email accounts at more than 150 organizations, an unusually broad scope for an advanced persistent threat (APT) spear phishing operation. This latest wave of attacks by the SolarWinds-linked Nobelium actor shows the level of sophistication behind these increasingly capable operations against targeted entities. The threat actors are well organized, follow a clear game plan, and appear to have invested significant time and effort experimenting with available techniques, tools and technologies to reach their targets. Given the level of sophistication and planning behind these attacks, organizations need to speed up their incident response and bring threat intel management and post-intrusion response and remediation capabilities to their SecOps and threat hunting teams. To help, we’ve created a Cortex XSOAR playbook that automates many of the steps needed to respond to this Nobelium campaign.
