Midnight Blizzard – Your Custom Detection Rules

Midnight Blizzard (NOBELIUM), a Russian threat actor linked to the SVR, is known for targeting governments, NGOs, and IT providers in the US and Europe. Active since 2018, they focus on intelligence collection through espionage.

Midnight Blizzard employs varied methods, including stolen credentials, supply chain attacks, and exploitation of on-premises environments to access the cloud. They also use ADFS malware like FOGGYWEB and MAGICWEB. Security firms also track them as APT29, UNC2452, and Cozy Bear.

To receive your custom Midnight Blizzard detection rules, please fill out the form and schedule a brief demo with one of our detection engineering experts. It will only take 15 minutes of your time.