On May 27, 2021, Microsoft reported a wide-scale spear phishing campaign attributed to APT29, the same threat actor responsible for the SolarWinds campaign, SolarStorm. This attack had a wide range of targets for an APT spear phishing campaign—about 3,000 email accounts targeted within 150 organizations.
On May 28th, Cortex XSOAR’s security research team released NOBELIUM, a wide-scale APT29 spear-phishing playbook for hunting and responding to the attack. NOBELIUM - Wide Scale APT29 Spear-Phishing is part of the Rapid Breach Response content pack available for download from the Cortex XSOAR Marketplace.
Rapid Breach Response is a collection of playbooks developed by our security research teams in response to high-profile breaches and attacks, such as SolarStorm. Learn more here: Cortex XSOAR for Nobelium Spear Phishing Attacks Rapid Response.