{"version":"1.0","provider_name":"Infoblox Blog","provider_url":"https:\/\/www.infoblox.com\/blog","author_name":"Infoblox Threat Intel","author_url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/","title":"Cyber Threat Advisory: NOBELIUM Campaigns and Malware","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"IuLagQDiyp\"><a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/nobelium-campaigns-and-malware\/\">Cyber Threat Advisory: NOBELIUM Campaigns and Malware<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/nobelium-campaigns-and-malware\/embed\/#?secret=IuLagQDiyp\" width=\"600\" height=\"338\" title=\"&#8220;Cyber Threat Advisory: NOBELIUM Campaigns and Malware&#8221; &#8212; Infoblox Blog\" data-secret=\"IuLagQDiyp\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe>","thumbnail_url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/may-20.jpg","thumbnail_width":660,"thumbnail_height":454,"description":"NOBELIUM Campaigns and Malware. Between 27 and 28 May, Microsoft published two reports on NOBELIUM, the threat actor behind the December 2020 supply chain attacks on SolarWinds\u2019 Orion platform. 
The first report detailed an ongoing spearphishing campaign that leveraged a variety of techniques to distribute a Cobalt Strike Beacon payload that allows NOBELIUM to remotely control the targeted system through an encrypted network tunnel. The second report detailed four tools that were part of NOBELIUM\u2019s unique infection chain in that campaign: EnvyScout, BoomBox, NativeZone, and VaporRage."}