June 20, 2024 at 08:37AM
The CERT-FR report on Nobelium’s cyber activities revealed the group’s espionage focus and targeting of French diplomatic entities, including the Ministry of Foreign Affairs. The report warns of Nobelium’s threat to national security and diplomatic interests, amid concerns about Russian interference in French affairs, particularly during election periods. The group’s ties to Russian intelligence are emphasized.
Based on the meeting notes, the key takeaways are:
1. Nobelium, also known as Midnight Blizzard and linked to the Russian intelligence service SVR, is a significant cyber threat as France prepares for a major election and to host the Olympic and Paralympic Games.
2. Nobelium is distinct from APT29 and Dark Halo, but like the other groups, it is linked to the Russian intelligence service. ANSSI believes Nobelium is a separate entity spun up in October 2020.
3. The group primarily focuses on espionage, targeting diplomatic staff, email accounts of ministries and embassies, and using phishing emails sent from compromised foreign institutions.
4. The French public sector, including the Ministry of Foreign Affairs, has been targeted using business email compromise (BEC) style attacks, with numerous attempts to breach and gather intelligence.
5. Nobelium poses a genuine threat to the national security and diplomatic interests of France and wider Europe. Despite not carrying out a major attack on the French government since 2022, concerns about potential future Russian interference are significant.
6. Russian interference is evident in various incidents, including disinformation campaigns to undermine President Macron, alleged interference in the 2017 French presidential election, and ongoing efforts to spread disinformation around the upcoming Olympic and Paralympic Games.
These takeaways provide a clear understanding of the current cyber threats posed by Nobelium and the broader context of Russian interference in French affairs.