https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/nobelium-a-playbook-for-handling-a-wide-scale-spear-phishing/ta-p/410075 <P><SPAN>On May 27, 2021, </SPAN><A href="https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/" target="_blank" rel="noopener"><SPAN>Microsoft</SPAN></A><SPAN> reported a wide-scale spear phishing campaign attributed to APT29, the same threat actor responsible for the </SPAN><A href="https://www.paloaltonetworks.com/blog/security-operations/cortex-xsoar-solarstorm-sunburst/" target="_blank" rel="noopener"><SPAN>SolarWinds campaign, SolarStorm</SPAN></A><SPAN>. This attack had a wide range of targets for an APT spear phishing campaign—about 3,000 email accounts targeted within 150 organizations.&nbsp;</SPAN></P> <P>&nbsp;</P> <H3><FONT color="#FF6600"><STRONG>We can help!</STRONG></FONT></H3> <P><SPAN>On May 28th, Cortex XSOAR’s security research team released </SPAN><A href="https://xsoar.pan.dev/docs/reference/playbooks/NOBELIUM---wide-scale-APT29-spear-phishing" target="_blank" rel="noopener"><STRONG>NOBELIUM</STRONG></A><SPAN>, a wide-scale APT29 spear-phishing playbook for hunting and responding to the attack. </SPAN><STRONG>NOBELIUM - Wide Scale APT29 Spear-Phishing </STRONG><SPAN>is part of the</SPAN> <STRONG><A href="https://xsoar.pan.dev/marketplace/details/MajorBreachesInvestigationandResponse" target="_blank" rel="noopener">Rapid Breach Response</A></STRONG><SPAN>&nbsp;content pack available for download from the <A href="https://www.paloaltonetworks.com/cortex/xsoar/marketplace" target="_self">Cortex XSOAR Marketplace</A>.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Rapid Breach Response is a collection of playbooks developed by our security research teams in response to high-profile breaches and attacks, such as SolarStorm.</SPAN><SPAN>&nbsp;</SPAN><SPAN>Learn more here: <A href="https://www.paloaltonetworks.com/blog/2021/06/cortex-xsoar-nobelium-spear-phishing/" target="_self">Cortex XSOAR for Nobelium Spear Phishing Attacks Rapid Response</A>.</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mbordach10_1-1622382232719.png" style="width: 668px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/34145iE28A092F40D471E1/image-dimensions/668x388/is-moderation-mode/true?v=v2" width="668" height="388" role="button" title="mbordach10_1-1622382232719.png" alt="mbordach10_1-1622382232719.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 10 Apr 2025 18:54:01 GMT mbordach10 2025-04-10T18:54:01Z https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/nobelium-a-playbook-for-handling-a-wide-scale-spear-phishing/ta-p/410075 <P><SPAN>NOBELIUM is a playbook for handing a</SPAN><SPAN>&nbsp;wide-scale spear phishing campaign, such as the one Microsoft experienced in late May 2021.&nbsp;&nbsp;</SPAN></P> Thu, 10 Apr 2025 18:54:01 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/nobelium-a-playbook-for-handling-a-wide-scale-spear-phishing/ta-p/410075 mbordach10 2025-04-10T18:54:01Z