Russian hacking group uses new stealthy Ceeloader malware
The Nobelium hacking group continues to breach government and enterprise networks worldwide by targeting their cloud and managed service providers and using a new custom "Ceeloader" malware.
While Nobelium is an advanced hacking group using custom malware and tools, they still leave traces of activity that researchers can use to analyze their attacks.
In a new report from Mandiant, researchers used this activity to uncover tactics, techniques, and procedures used by the hacking group, as well as a new custom downloader called "Ceeloader."
The researchers break Nobelium into two distinct clusters of activity attributed to UNC3004 and UNC2652, which could mean that Nobelium is two cooperating hacking groups.
In at least one other breach, the hacking group used the CRYPTBOT password-stealing malware to steal valid session tokens used to authenticate to the victim's Microsoft 365 environment.
Nobelium has used numerous custom malware strains in the past, specifically during the SolarWinds attacks and in a phishing attack against the United States Agency for International Development.