{"id":43822,"date":"2021-11-10T17:00:10","date_gmt":"2021-11-10T17:00:10","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=99807"},"modified":"2021-11-10T17:00:10","modified_gmt":"2021-11-10T17:00:10","slug":"the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/","title":{"rendered":"The hunt for NOBELIUM, the most sophisticated nation-state attack in history"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/10\/CLO20b_Sylvie_office_night_001-1.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><em>This is the second in a four-part <\/em><em>blog series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. <\/em><em>Microsoft\u2019s <\/em><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/nation-state-attacks#office-ContentAreaHeadingTemplate-hkzu7ix\" target=\"_blank\" rel=\"noopener\"><em>four-part video series<\/em><\/a><em> \u201cDecoding NOBELIUM\u201d pull<\/em><em>s the curtain back on the NOBELUM incident and how world-class threat hunters from Microsoft and around the industry came together to take on the most sophisticated nation-state attack in history. In this second post, we\u2019ll explore the investigation in the <a href=\"https:\/\/www.microsoft.com\/en-us\/videoplayer\/embed\/RWLJ5f\" target=\"_blank\" rel=\"noopener\">second episode<\/a> of the docuseries.&nbsp;<\/em><\/p>\n<p>The threat hunters had but weeks to unravel a global attack that had been planned and executed by an advanced adversary for over a year. The early days of a cyberattack investigation can feel like joining a high-stakes chess match after your opponent has already made a series of moves. You must figure out what your adversary has done while anticipating their next step, and launching a counterplay\u2014all simultaneously. Instead of on a chessboard, your clues are found in the code, logs, and responses to your counterattacks. In the case of the NOBELIUM nation-state attack, this was a highly skilled chess player, but we came together as a company and as an industry to take on this shared adversary. This all started when one security company, Mandiant (formerly known as FireEye), spotted an anomaly in its own environment and shared the evidence with Microsoft for additional analysis, but this story would eventually involve thousands of defenders across the industry to uncover the full picture and help protect organizations.<\/p>\n<p>As explained in our first post in this series, <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/09\/28\/how-nation-state-attackers-like-nobelium-are-changing-cybersecurity\/\" target=\"_blank\" rel=\"noopener\">How nation-state attackers like NOBELIUM are changing cybersecurity<\/a>, nation-state attacks are malicious cyberattacks that originate from a particular country and are an attempt to further that country\u2019s interests. The nation-state attack from NOBELIUM, a Russia-sponsored group of hackers, is widely recognized as the most sophisticated in history. The group gained access to multiple enterprises before their actions were detected. This <a href=\"https:\/\/www.microsoft.com\/en-us\/videoplayer\/embed\/RWLJ5f\" target=\"_blank\" rel=\"noopener\">second episode<\/a> of \u201cDecoding NOBELIUM\u201d explores how the group was detected and how defenders responded in the weeks that followed.<\/p>\n<h2>How was NOBELIUM detected?<\/h2>\n<p>It was late November 2020 when a security analyst at cybersecurity company Mandiant detected something unusual in its environment. While reviewing sign-in logs for the previous day, he noticed an event for a user with a different registered device. Intuition told him something was off so he called the user to ask if they\u2019d registered a new device. The answer would set off an unprecedented, industry-wide hunt to catch a cybercriminal. The user said, \u201cNo.\u201d<\/p>\n<p>The security professional alerted his colleagues, including his supervisor, Charles Carmakal, Mandiant Senior Vice President and Chief Technology Officer. While they didn\u2019t yet know the identity of the adversary, they would come to realize the importance of this initial detection.<\/p>\n<p>Recognizing that his company needed more collaboration and telemetry to better understand the nature of the attack, Carmakal quickly turned to Microsoft. It was about 9:00 PM when Microsoft Detection and Response Team (DART) Lead Dan Taylor received the call asking for help. Dan initially thought Carmakal was joking and when he realized it was serious, he called Microsoft DART Lead Investigator Roberto, who was taking his dog for the last walk of the day, to ask him if he recognized the anomalous code Mandiant had found. Roberto confirmed that he had seen this anomaly during a previous nation-state investigation.<\/p>\n<h2>How did the defense team come together?<\/h2>\n<p>Every second counts when responding to large-scale cyberattacks like this. NOBELIUM had a year-long advantage on the defenders. A global threat-hunting effort was formed around the <a href=\"https:\/\/www.microsoft.com\/en-us\/insidetrack\/microsoft-uses-threat-intelligence-to-protect-detect-and-respond-to-threats\" target=\"_blank\" rel=\"noopener\">Microsoft Threat Intelligence Center<\/a>, which defends Microsoft and its customers from advanced threat actors around the world. They immediately activated Microsoft\u2019s team of global security experts, who are on-call for major incidents.<\/p>\n<p>Microsoft Security Analyst Joanne was lacing up her hiking boots on a Saturday when she received a text from her supervisor to the entire team that read, \u201cWe need all hands on deck for an active incident.\u201d The hike would have to wait as she and her teammates began studying the available data for indicators of an attack.<\/p>\n<p>As Microsoft continued to partner with Mandiant, it quickly became clear that this attack extended well beyond one security company. The Microsoft response team grew along with this knowledge. With every meeting, another 50 to 100 Microsoft threat experts joined in\u2014everyone came together to help. And the industry-wide collaboration grew as well. \u201cMany different partners across the industry came together with a common goal,\u201d said Ramin, Senior Malware Reverse Engineer with the Microsoft Threat Intelligence Center.<\/p>\n<p>The biggest challenge was the sophisticated tradecraft of the attacker. They practiced extreme variability. \u201cIt became very clear to us that we were dealing with a highly capable, highly clandestine, and advanced adversary,\u201d said Carmakal. NOBELIUM would never use the same IP address across organizations\u2014even going so far as to change it every time the group re-entered the same organization\u2019s network. That meant that traditional markers\u2014including hashes, file names, and IP addresses\u2014were all brittle indicators and less helpful for tracking the attacker\u2019s path. Over time, they began identifying subtle markers of malicious activity.<\/p>\n<p>The team\u2019s relentless investigation led to a breakthrough\u2014they discovered that the unknown threat actor was stealing credentials and moving through the networks undetected. During the ongoing investigation, the team uncovered that anomalous activity was happening within the SolarWinds platform. After decompiling 50,0000 lines of SolarWind\u2019s code, Mandiant and Microsoft\u2019s reverse engineers identified NOBELIUM malware carefully obfuscated within layers of code, designed to easily spread undetected to thousands of target organizations. \u201cWhen we found that scope, it was a combination of exciting and scary,\u201d said Pete, Senior Software Engineer of the Microsoft Threat Intelligence Center.<\/p>\n<p>\u201cYou got a sense that this attacker could start in hundreds of customer networks, very deep into them with elevated rights,\u201d said John Lambert, General Manager of the Microsoft Threat Intelligence Center. \u201cWhen you realize how many enterprise customers and government departments use [SolarWinds], you knew that this attacker had achieved a place to have major impact, across the globe.\u201d<\/p>\n<p>Over weeks, the hunters uncovered a sophisticated, advanced threat with a scale and scope beyond anything they could have initially guessed. Now, it was time to use that hard-won knowledge to find and repel the current threat from NOBELIUM and prepare for future attacks.<\/p>\n<h2>NOBELIUM lessons<\/h2>\n<p>How did cybersecurity professionals identify NOBELIUM as the threat actor behind the attack and what can your organization do to detect and respond to nation-state attacks? In the second episode of our <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/nation-state-attacks#office-ContentAreaHeadingTemplate-hkzu7ix\" target=\"_blank\" rel=\"noopener\">four-part video series<\/a> \u201cDecoding Nobelium,\u201d security professionals talk about the investigation that followed the discovery of NOBELIUM\u2019s attack. <a href=\"https:\/\/www.microsoft.com\/en-us\/videoplayer\/embed\/RWLJ5f\" target=\"_blank\" rel=\"noopener\">Watch the episode<\/a> for tips on how to protect your organization against cyberattacks.<\/p>\n<p>Microsoft is committed to helping organizations stay protected from cyberattacks, whether cybercriminal or nation-state. In particular, nation-state adversaries have significant expertise and resources and will develop new attack patterns to further their geopolitical objectives. Consistent with our mission to provide security for all, Microsoft will use our leading threat intelligence and global team of dedicated cybersecurity defenders to help protect our customers and the world. Just two recent examples of Microsoft\u2019s efforts to combat nation-state attacks include a September 2021 discovery, an investigation of a <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/09\/27\/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor\/\" target=\"_blank\" rel=\"noopener\">NOBELIUM malware referred to as FoggyWeb<\/a>, and our May 2021 profiling of NOBELIUM\u2019s early-stage toolset compromising <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/05\/28\/breaking-down-nobeliums-latest-early-stage-toolset\/\" target=\"_blank\" rel=\"noopener\">EnvyScout, BoomBox, NativeZone, and VaporRage<\/a>.<\/p>\n<p>For immediate support, reach out to the <a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\" target=\"_blank\" rel=\"noopener\">Microsoft Security Response Center<\/a>. Keep an eye out for future posts in the Nobelium nation-state attack series where we share how we fought the NOBELIUM threat and predict the future of cybersecurity. Read our previous post in this series:<\/p>\n<p>To learn more about Microsoft Security solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener\">visit our&nbsp;website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/11\/10\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the second of a four-part series on the NOBELIUM nation-state attack, we share the behind-the-scenes details of the detection and investigation into the threat.<br \/>\nThe post The hunt for NOBELIUM, the most sophisticated nation-state attack in history appeared first on Microsoft Security Blog. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":43823,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[347],"class_list":["post-43822","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The hunt for NOBELIUM, the most sophisticated nation-state attack in history 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The hunt for NOBELIUM, the most sophisticated nation-state attack in history 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-10T17:00:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"The hunt for NOBELIUM, the most sophisticated nation-state attack in history\",\"datePublished\":\"2021-11-10T17:00:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/\"},\"wordCount\":1343,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Microsoft Secure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/\",\"name\":\"The hunt for NOBELIUM, the most sophisticated nation-state attack in history 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg\",\"datePublished\":\"2021-11-10T17:00:10+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/cybersecurity\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"The hunt for NOBELIUM, the most sophisticated nation-state attack in history\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The hunt for NOBELIUM, the most sophisticated nation-state attack in history 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/","og_locale":"en_US","og_type":"article","og_title":"The hunt for NOBELIUM, the most sophisticated nation-state attack in history 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-11-10T17:00:10+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"The hunt for NOBELIUM, the most sophisticated nation-state attack in history","datePublished":"2021-11-10T17:00:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/"},"wordCount":1343,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg","keywords":["Cybersecurity"],"articleSection":["Microsoft Secure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/","url":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/","name":"The hunt for NOBELIUM, the most sophisticated nation-state attack in history 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg","datePublished":"2021-11-10T17:00:10+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history.jpg","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.threatshub.org\/blog\/tag\/cybersecurity\/"},{"@type":"ListItem","position":3,"name":"The hunt for NOBELIUM, the most sophisticated nation-state attack in history"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43822"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43822\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/43823"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43822"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}