{"id":1182,"date":"2022-04-25T18:08:19","date_gmt":"2022-04-25T12:38:19","guid":{"rendered":"http:\/\/threatcop.com\/blog\/?p=1182"},"modified":"2026-05-26T18:10:36","modified_gmt":"2026-05-26T12:40:36","slug":"nobelium-solarwind-hackers","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/","title":{"rendered":"Who Are the Nobelium Hackers That Attacked SolarWinds?"},"content":{"rendered":"\n<!-- Key Takeaways Section | Threatcop Brand Style -->\n\n<style>\n.threatcop-summary {\n    border: 1px solid #2f80ed;\n    background-color: #f2f7ff;\n    padding: 20px 24px;\n    border-radius: 6px;\n    margin: 30px 0;\n}\n.threatcop-summary h3 {\n    margin-top: 0;\n    color: #2f80ed;\n    font-size: 20px;\n}\n.threatcop-summary ul {\n    padding-left: 20px;\n    margin: 10px 0 0;\n}\n.threatcop-summary li {\n    margin-bottom: 8px;\n    line-height: 1.5;\n}\n<\/style>\n\n<div class=\"threatcop-summary\">\n    <h3><span class=\"ez-toc-section\" id=\"Key_Takeaways\"><\/span>Key Takeaways<span class=\"ez-toc-section-end\"><\/span><\/h3>\n    <ul>\n        <li>Fast phishing incident response reduces the impact of credential theft, malware, and account compromise.<\/li>\n        <li>Employees should report suspicious emails immediately instead of deleting or ignoring them.<\/li>\n        <li>Effective response plans combine user reporting, automated analysis, and rapid containment.<\/li>\n        <li>Phishing simulations help organizations test and improve reporting behaviour over time.<\/li>\n        <li>Continuous awareness training strengthens employee confidence in identifying and escalating threats.<\/li>\n    <\/ul>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The Nobelium hackers did not announce themselves with a ransom note or a defaced website. For over a year, they moved through thousands of networks, including those of US government agencies, without triggering a single alarm. By the time the breach was discovered in December 2020, the attack had already run its course.<\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#Key_Takeaways\" >Key Takeaways<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#Who_Are_the_Nobelium_Hackers\" >Who Are the Nobelium Hackers?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#Is_Nobelium_Hackers_Legit_A_Word_on_Scams\" >Is Nobelium Hackers Legit? A Word on Scams<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#What_Happened_at_SolarWinds_Corporation\" >What Happened at SolarWinds Corporation?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#Timeline_of_the_SolarWinds_Attack\" >Timeline of the SolarWinds Attack<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#How_Was_Nobelium_Caught\" >How Was Nobelium Caught?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#State-Sponsored_Cyber_Attack_Groups\" >State-Sponsored Cyber Attack Groups<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#How_to_Protect_Your_Organization_Against_Supply_Chain_Attacks\" >How to Protect Your Organization Against Supply Chain Attacks<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#Book_a_Free_Demo_Call_with_Our_People_Security_Expert\" >Book a Free Demo Call with Our People Security Expert<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#Enter_your_details\" >Enter your details<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#FAQs\" >FAQs<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#Who_are_the_Nobelium_hackers\" >Who are the Nobelium hackers?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#Is_Nobelium_hackers_legit_or_a_scam\" >Is Nobelium hackers legit or a scam?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#Is_Nobelium_still_active\" >Is Nobelium still active?<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<p class=\"wp-block-paragraph\">The Nobelium group came to public attention when Microsoft flagged them on its website. At the end of December 2020, a series of advanced cyberattacks targeted <strong>SolarWinds Corporation<\/strong>. Russian hackers have long been accused of carrying out highly sophisticated cyber attacks, and this operation turned out to be among the most damaging ever recorded.<\/p>\n\n\n\n<table>\n<thead>\n<tr><th>Attribute<\/th><th>Detail<\/th><\/tr>\n<\/thead>\n<tbody>\n<tr><td><strong>Group Name<\/strong><\/td><td>Nobelium (also tracked as APT29, Cozy Bear)<\/td><\/tr>\n<tr><td><strong>Sponsoring Nation<\/strong><\/td><td>Russia (SVR foreign intelligence service)<\/td><\/tr>\n<tr><td><strong>Primary Attack Vector<\/strong><\/td><td>Supply chain compromise<\/td><\/tr>\n<tr><td><strong>Major Target<\/strong><\/td><td>SolarWinds Orion Platform<\/td><\/tr>\n<tr><td><strong>Organizations Affected<\/strong><\/td><td>18,000+ (14 confirmed breaches)<\/td><\/tr>\n<tr><td><strong>First Identified<\/strong><\/td><td>FireEye, December 2020<\/td><\/tr>\n<tr><td><strong>Active Since<\/strong><\/td><td>At least 2019<\/td><\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<p class=\"wp-block-paragraph\">According to <a href=\"https:\/\/www.zdnet.com\/article\/solarwinds-hacking-group-nobelium-is-now-targeting-the-global-it-supply-chain-microsoft-warns\/\">Microsoft<\/a>, in May 2021, the Nobelium hacker group launched a campaign targeting 140 companies, of which 14 confirmed compromise cases were reported.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The cyberattacks by the Nobelium group were first identified by Microsoft Corporation, which classified the group as an Advanced Persistent Threat (APT) that targets network and cloud service providers through piggybacking.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Who_Are_the_Nobelium_Hackers\"><\/span>Who Are the Nobelium Hackers?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Nobelium is a Russian state-sponsored hacking group, officially attributed to Russia&#8217;s SVR foreign intelligence service and widely linked to the APT29 threat actor cluster. They are best known for orchestrating the 2020 SolarWinds data breach, one of the largest supply-chain attacks on record.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Nobelium hackers are a state-sponsored cybercriminal group believed to be backed by Russian intelligence, specifically the SVR (Russia&#8217;s Foreign Intelligence Service). Their primary approach is the <strong>supply chain attack<\/strong>, which they have used to target around <strong>140 technology companies in the global IT supply chain<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Their campaigns typically start months or years before anyone realizes a breach has occurred. Rather than breaking in through a front door, they embed malicious code into trusted software channels so that their payload gets delivered to victims by the same update servers those organizations already rely on.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Nobelium is also tracked by different names across the security industry. Microsoft calls them Nobelium; other researchers have linked them to APT29 and Cozy Bear, the same group widely believed to have breached the Democratic National Committee in 2016. The group carries out attacks through <strong>phishing, spray-and-pray credential stuffing, token theft, and API abuse<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Is_Nobelium_Hackers_Legit_A_Word_on_Scams\"><\/span>Is Nobelium Hackers Legit? A Word on Scams<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If you received an email, message, or phone call from someone claiming to represent &#8220;Nobelium hackers,&#8221; whether they are demanding payment, threatening to release data, or offering to recover lost cryptocurrency, that is a scam. The real Nobelium group is a nation-state intelligence operation. They do not contact individuals or businesses directly demanding ransom. Any such communication is fraudulent and should be reported to your local cybercrime authority immediately.<\/p>\n\n\n<div class=\"wp-block-image wp-image-1186\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"671\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/04\/Picture1-6175cf463b3e5.png\" alt=\"Nobelium\" class=\"wp-image-10104\"\/><figcaption class=\"wp-element-caption\">(Source: Microsoft)<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Happened_at_SolarWinds_Corporation\"><\/span>What Happened at SolarWinds Corporation?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Nobelium hackers infected a software product named <strong>Orion<\/strong>, developed and distributed by SolarWinds Corporation, and deployed it across thousands of systems through a supply-chain attack. In a supply chain attack, the attacker compromises a trusted software vendor rather than targeting end users directly, making detection far harder.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">SolarWinds Corporation is a software company that provides system management and technical services to organizations globally. Their Orion platform was an IT performance management system with access to thousands of customers&#8217; networks, making it an attractive target for a group seeking to reach as many high-value organizations as possible through a single point of compromise.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Nobelium hackers <strong>inserted malicious code into the Orion network management system<\/strong>, which was used by numerous government agencies and multinational companies worldwide. Once in place, the Orion Platform created a backdoor that allowed the hackers to access accounts and impersonate users of victim organizations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The update carrying the malware was deployed to around <strong>18,000 customers<\/strong>. From there, Nobelium activated the backdoor selectively on its highest-value targets, including <strong>Microsoft, the US Treasury, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Justice (DOJ)<\/strong>. Among all the targeted US government agencies, <a href=\"https:\/\/gbhackers.com\/russian-threat-group-nobelium-attack\/\">80% of the Department of Justice&#8217;s<\/a> emails were compromised.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft later estimated that this level of attack would have taken approximately 1,000 engineers to execute.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Timeline_of_the_SolarWinds_Attack\"><\/span>Timeline of the SolarWinds Attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>4 September 2019:<\/strong> Nobelium hackers gain initial access to SolarWinds Corporation.<\/li>\n\n\n\n<li><strong>12 September 2019:<\/strong> The hackers inject test code and run a trial, employing a sophisticated injection technique to embed SUNBURST malicious code into the Orion Platform software. SUNBURST is the name given to the backdoor trojan, Nobelium, which hid within legitimate Orion software updates.<\/li>\n\n\n\n<li><strong>20 February 2020:<\/strong> The attackers compile and deploy the full SUNBURST attack.<\/li>\n\n\n\n<li><strong>4 June 2020:<\/strong> The SUNBURST malicious code is removed from SolarWinds systems. The payload had already been delivered.<\/li>\n\n\n\n<li><strong>8 December 2020:<\/strong> FireEye, a cybersecurity company, uncovers a breach in its own systems and begins an investigation.<\/li>\n\n\n\n<li><strong>12 December 2020:<\/strong> FireEye discloses that the breach was a result of a cyber attack on SolarWinds&#8217; Orion Platform.<\/li>\n\n\n\n<li><strong>15 December 2020:<\/strong> SolarWinds releases a software fix.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The gap in this <a href=\"https:\/\/www.csoonline.com\/article\/3613571\/the-solarwinds-hack-timeline-who-knew-what-and-when.html\">timeline<\/a> warrants attention. Nobelium had access to SolarWinds infrastructure for over a year before anyone knew. The malware had completed its work well before a fix was ever issued.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/a-timeline-of-the-solarwinds-hack-what-weve-learned_6005f7d0638cb.png-1024x536-1.webp\" alt=\"a timeline of the solarwinds sunburst attack\" class=\"wp-image-10106\"\/><figcaption class=\"wp-element-caption\">(Source: Dimensional Data)<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Was_Nobelium_Caught\"><\/span>How Was Nobelium Caught?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">FireEye was the company that first identified the breach and alerted people globally. FireEye did not discover the attack through proactive threat hunting. They found it because their own systems had been compromised, and tracing that breach backward led to the poisoned Orion update.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft then took the initiative to explore the full extent of the attack. The infected software implanted by the Nobelium hackers remained undetected until December 2020. Microsoft subsequently released a series of technical guidelines for affected customers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The group responsible remained unidentified until January 2021, when the US Intelligence Community formally accused the Russian state of sponsoring the operation. Between July and mid-October of 2021, threat actors from Nobelium attacked 609 customers approximately 22,868 times. Over three years, Microsoft notified customers about state-sponsored cyberattacks around 20,500 times.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Nobelium has remained active well beyond the SolarWinds breach. Microsoft has continued to track and report on Nobelium campaigns targeting government agencies, IT service providers, and think tanks across the US and Europe, confirming that the group did not stand down after the 2020 attack was exposed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"State-Sponsored_Cyber_Attack_Groups\"><\/span>State-Sponsored Cyber Attack Groups<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Nation-state cyberattacks are carried out in the interest of a host country to damage the target nation, and thus fall into a different category from financially motivated cybercrime. They are backed by government resources and operate with objectives that go beyond money, targeting critical infrastructure, intelligence agencies, and government systems. Some of the most active state-sponsored groups currently tracked include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cozy Bear \/ APT29<\/strong> (allegedly backed by Russia, linked to Nobelium)<\/li>\n\n\n\n<li><strong>Fancy Bear \/ APT28<\/strong> (allegedly backed by Russia)<\/li>\n\n\n\n<li><strong>Lazarus Group<\/strong> (allegedly backed by North Korea)<\/li>\n\n\n\n<li><strong>Double Dragon \/ APT41<\/strong> (allegedly backed by China)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Every organization continues to improve its cyber infrastructure to defend against such attacks, while threat actors continue to develop new methods to carry them out. Among all types of cyber attacks, malware-based attacks remain the most common. Ransomware is a prominent example, and some groups have developed a business model around it, offering Ransomware-as-a-Service to clients who want to attack other organizations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Read more: <a href=\"https:\/\/threatcop.com\/blog\/ransomware-as-a-service\/\">Ransomware as a Service Attack<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Protect_Your_Organization_Against_Supply_Chain_Attacks\"><\/span>How to Protect Your Organization Against Supply Chain Attacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The SolarWinds breach showed that organizations often trust their software vendors without verifying their credentials. When an attacker gains access to that vendor, victims have no obvious reason to be suspicious because the malicious update is coming from a source they have already approved and rely on.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Verify software update integrity.<\/strong> Before deploying any third-party software update, verify its cryptographic signature against the vendor&#8217;s published key. Most major vendors provide hash values or digital certificates for this purpose. An update that cannot be verified should not be deployed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Adopt a zero-trust network model.<\/strong> The Nobelium hackers moved laterally through victim networks because those networks trusted connected systems by default. A zero-trust approach requires that every device, user, and application continuously authenticate, regardless of where they sit on the network.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Limit third-party access.<\/strong> Audit every vendor and tool with access to your network and apply the principle of least privilege to all of them, not just internal users. Nobelium exploited the broad network access that SolarWinds&#8217; Orion required to function.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Run security awareness training.<\/strong> Many of Nobelium&#8217;s follow-on attacks after the initial SolarWinds breach came through targeted spear-phishing. Employees who can spot suspicious emails stop many attacks before they reach the network.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Monitor for unusual behavior.<\/strong> Tools that establish a baseline of normal network activity and flag deviations, even from trusted software, can catch supply chain attacks before they escalate. SUNBURST was built to blend in with normal Orion traffic; behavioral monitoring is one of the few controls capable of catching that.<\/p>\n\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"UTF-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Document<\/title>\n<\/head>\n\n<style>\n    .interestedBtn {\n        width: 80% !important;\n        box-sizing: border-box !important;\n        display: inline-block !important;\n        padding: 11px !important;\n        border: 1px !important;\n        border-color: #ddd !important;\n        margin-top: 10px !important;\n        background-color: #183e8b !important;\n        background-image: none !important;\n        text-shadow: none !important;\n        color: #fff !important;\n        font-size: 14px !important;\n        line-height: 20px !important;\n        border-radius: 5px !important;\n        margin: 0 !important;\n        cursor: pointer !important;\n        box-shadow: 0px 4.66px 22.99px 0px rgba(0, 0, 0, 0.10);;\n    }\n\n\n        .formSec .formSecTwo{\n            padding-top: 15px !important;\n            margin-bottom: 30px !important;\n        }\n\n\n    .tnp-email {\n        width: 80% !important;\n        box-sizing: border-box;\n        padding: 8px 10px;\n        display: inline-block;\n        border: 1px solid #ced4da;\n        background: #fff;\n        color: #000 !important;\n        font-size: 13px;\n        line-height: 20px;\n        border-radius: 2px;\n        padding-right: 30px;\n        margin-bottom: 0px;\n    }\n\n    .formSec {\n        border: 1px solid #ced4da;\n        float: left !important;\n        width: 55% !important;\n    }\n\n    .mainBox {\n       \/* border: 1px solid #183e8b;*\/\n         background: white;\n        max-width: 600px !important;\n        margin: 0 auto !important;\n        padding: 20px !important;\n        font-family: Arial, Helvetica, sans-serif !important;\n    }\n\n    .boxDiv {\n        display: flex !important;\n    }\n\n    .boxConsult {\n        float: left !important;\n        width: 45% !important;\n        padding: 10px !important;\n    }\n\n    .formSecTwo {\n        text-align:center !important;\n        width: 100% !important;\n    }\n\n    .formHeading {\n        font-family: Arial, Helvetica, sans-serif;\n        margin-top: 0px;\n        font-weight: 700;\n        line-height: 25px;\n        font-size: 18px !important;\n        \n       margin-bottom: 60px !important;\n       color: #000!important;\n          margin-top: 5px !important;\n    }\n\n    .fieldHeading {\n        margin: 0 !important;\n        font-size: 13px !important;\n        text-align: left !important;\n        margin: 0px 39px 2px 93px !important;\n        font-weight: 500 !important;\n    }\n\n    .image {\n        max-width:90% !important;\n        height: auto !important;\n    }\n\n     .email-icon {\n            position: absolute;\n            right: 50px;\n             top: 20px;\n            transform: translateY(-50%);\n            pointer-events: none; \n        }\n\n          .email-container{\n             position: relative;\n         \n        }\n       \n\n        .email-icon img{\n                 width: 15px;\n        }\n\n\n         input::placeholder {\n            color:#495057;\n        }\n\n\n     ::placeholder {\n        color: #495057;\n    }\n\n        ::-ms-input-placeholder { \n          color:#495057;\n        }\n\n\n        input:-webkit-autofill {\n            background-color: transparent !important;\n            -webkit-box-shadow: 0 0 0px 1000px white inset !important; \n            box-shadow: 0 0 0px 1000px white inset !important;\n            color: #495057 !important; \n        }\n\n        \n        input {\n            color:#495057 !important;\n        }\n\n\n    @media screen and (max-width: 480px) {\n        .boxDiv {\n            display: block !important;\n            padding: 15px !important;\n         \n        }\n\n        .image{\n        width: 80% !important;\n         margin-bottom: 14px;\n        }\n        .fieldHeading {\n            text-align: left !important;\n            margin: unset !important;\n        }\n\n        .boxConsult {\n            width: unset !important;\n            float: none !important;\n        }\n\n        .mainBox {\n            border: unset !important;\n        }\n\n        .formSec {\n            float: unset !important;\n            width: 100% !important;\n        }\n\n        .formSecTwo {\n            text-align: center !important;\n        }\n\n        .tnp-email {\n            width: 90% !important;\n        }\n\n        .formHeading {\n            margin-bottom: unset !important;\n        }\n\n         .email-icon {\n            position: absolute;\n            right: 25px;\n            top: 58%;\n            transform: translateY(-50%);\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\n        }\n       \n        .email-container{\n             position: relative;\n        }\n\n    }\n<\/style>\n\n<body>\n\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\n\n        <div class=\"boxDiv\">\n\n            <div class=\"boxConsult\">\n                <div>\n                    <h3 class=\"formHeading\" style=\" font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Book_a_Free_Demo_Call_with_Our_People_Security_Expert\"><\/span>\n                        Book a Free Demo Call with Our People Security Expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n                <\/div>\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/form.svg\" class=\"image\">\n            <\/div>\n\n            <div class=\"formSec\">\n                <div class=\" formSecTwo\">\n                    <h4 style=\"margin-top: 0; font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Enter_your_details\"><\/span>Enter your details<span class=\"ez-toc-section-end\"><\/span><\/h4>\n                    <div class=\"tnp tnp-subscription-minimal\">\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\n                                    placeholder=\"Full Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon01.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\n                                    placeholder=\"Corporate Email Id\">\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon02.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\n                                    placeholder=\"Company Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon03.svg\" class=\"img-fluid\" \/><\/span>\n\n                            <\/div>\n\n                            <div class=\"email-container\">\n                               \n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\n                                    placeholder=\"Phone No.\"><br>\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon04.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\n                                value=\"SUBMIT\">\n\n                        <\/form>\n                    <\/div>\n                <\/div>\n            <\/div>\n\n        <\/div>\n    <\/div>\n\n<\/body>\n\n<\/html>\n\n\n\n<p class=\"wp-block-paragraph\">Most ransomware attacks are also carried out through email spamming or email spoofing. Those emails lure targets into clicking links to phishing websites or into opening attachments that deliver malware. This is why <a href=\"https:\/\/threatcop.com\/threatcop-security-awareness-training\">security awareness training<\/a> matters alongside technical controls. Organizations that train employees to identify and report suspicious communications cut down their exposure across all threat categories.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FAQs\"><\/span>FAQs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<style>#sp-ea-14630 .spcollapsing { height: 0; overflow: hidden; transition-property: height;transition-duration: 300ms;}#sp-ea-14630.sp-easy-accordion>.sp-ea-single {margin-bottom: 10px; border: 1px solid #e2e2e2; }#sp-ea-14630.sp-easy-accordion>.sp-ea-single>.ea-header a {color: #444;}#sp-ea-14630.sp-easy-accordion>.sp-ea-single>.sp-collapse>.ea-body {background: #fff; color: #444;}#sp-ea-14630.sp-easy-accordion>.sp-ea-single {background: #eee;}#sp-ea-14630.sp-easy-accordion>.sp-ea-single>.ea-header a .ea-expand-icon { float: left; color: #444;font-size: 16px;}<\/style><div id=\"sp_easy_accordion-1779798649\"><div id=\"sp-ea-14630\" class=\"sp-ea-one sp-easy-accordion\" data-ea-active=\"ea-click\" data-ea-mode=\"vertical\" data-preloader=\"\" data-scroll-active-item=\"\" data-offset-to-scroll=\"0\"><div class=\"ea-card ea-expand sp-ea-single\"><h3 class=\"ea-header\"><span class=\"ez-toc-section\" id=\"Who_are_the_Nobelium_hackers\"><\/span><a class=\"collapsed\" id=\"ea-header-146300\" role=\"button\" data-sptoggle=\"spcollapse\" data-sptarget=\"#collapse146300\" aria-controls=\"collapse146300\" href=\"#\" aria-expanded=\"true\" tabindex=\"0\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ea-expand-icon eap-icon-ea-expand-minus\"><\/i> Who are the Nobelium hackers?<\/a><span class=\"ez-toc-section-end\"><\/span><\/h3><div class=\"sp-collapse spcollapse collapsed show\" id=\"collapse146300\" data-parent=\"#sp-ea-14630\" role=\"region\" aria-labelledby=\"ea-header-146300\"> <div class=\"ea-body\"><p class=\"font-claude-response-body break-words whitespace-normal leading-[1.7]\"><span style=\"color: #000000\">Nobelium is a Russian state-sponsored hacking group attributed to Russia's SVR foreign intelligence service. They are best known for the 2020 SolarWinds supply chain attack, which compromised over 18,000 organizations including multiple US government agencies.<\/span><\/p><\/div><\/div><\/div><div class=\"ea-card sp-ea-single\"><h3 class=\"ea-header\"><span class=\"ez-toc-section\" id=\"Is_Nobelium_hackers_legit_or_a_scam\"><\/span><a class=\"collapsed\" id=\"ea-header-146301\" role=\"button\" data-sptoggle=\"spcollapse\" data-sptarget=\"#collapse146301\" aria-controls=\"collapse146301\" href=\"#\" aria-expanded=\"false\" tabindex=\"0\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ea-expand-icon eap-icon-ea-expand-plus\"><\/i> Is Nobelium hackers legit or a scam?<\/a><span class=\"ez-toc-section-end\"><\/span><\/h3><div class=\"sp-collapse spcollapse \" id=\"collapse146301\" data-parent=\"#sp-ea-14630\" role=\"region\" aria-labelledby=\"ea-header-146301\"> <div class=\"ea-body\"><p><span style=\"color: #000000\">The Nobelium hacker group is a real, state-sponsored APT operation. However, any email, call, or message you receive from someone claiming to be \"Nobelium hackers\" demanding payment or threatening to release your data is a scam. The actual group does not contact individuals or businesses directly.<\/span><\/p><\/div><\/div><\/div><div class=\"ea-card sp-ea-single\"><h3 class=\"ea-header\"><span class=\"ez-toc-section\" id=\"Is_Nobelium_still_active\"><\/span><a class=\"collapsed\" id=\"ea-header-146302\" role=\"button\" data-sptoggle=\"spcollapse\" data-sptarget=\"#collapse146302\" aria-controls=\"collapse146302\" href=\"#\" aria-expanded=\"false\" tabindex=\"0\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ea-expand-icon eap-icon-ea-expand-plus\"><\/i> Is Nobelium still active?<\/a><span class=\"ez-toc-section-end\"><\/span><\/h3><div class=\"sp-collapse spcollapse \" id=\"collapse146302\" data-parent=\"#sp-ea-14630\" role=\"region\" aria-labelledby=\"ea-header-146302\"> <div class=\"ea-body\"><p><span style=\"color: #000000\">Yes. Microsoft has continued tracking Nobelium activity well beyond the 2020 SolarWinds breach, with confirmed campaigns targeting government agencies, IT service providers, and think tanks across the US and Europe through 2021 and beyond.<\/span><\/p><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Key Takeaways Fast phishing incident response reduces the impact of credential theft, malware, and account compromise. Employees should report suspicious emails immediately instead of deleting or ignoring them. Effective response plans combine user reporting, automated analysis, and rapid containment. Phishing simulations help organizations test and improve reporting behaviour over time. Continuous awareness training strengthens employee [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":1214,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[47],"tags":[],"class_list":["post-1182","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-miscellaneous"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Nobelium SolarWinds Hacker| Threatcop<\/title>\n<meta name=\"description\" content=\"Stay informed on the latest developments regarding the Nobelium SolarWinds hacker. Discover how to protect your organization.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Nobelium SolarWinds Hacker| Threatcop\" \/>\n<meta property=\"og:description\" content=\"Stay informed on the latest developments regarding the Nobelium SolarWinds hacker. Discover how to protect your organization.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-25T12:38:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-26T12:40:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/Nobelium-Solarwinds-Hackers.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1250\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Sanjana Kumari\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sanjana Kumari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/\"},\"author\":{\"name\":\"Sanjana Kumari\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/2703154c3efcd8ecca1e4683c696888d\"},\"headline\":\"Who Are the Nobelium Hackers That Attacked SolarWinds?\",\"datePublished\":\"2022-04-25T12:38:19+00:00\",\"dateModified\":\"2026-05-26T12:40:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/\"},\"wordCount\":1579,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/Nobelium-Solarwinds-Hackers.webp\",\"articleSection\":[\"Miscellaneous\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/\",\"name\":\"Nobelium SolarWinds Hacker| Threatcop\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/Nobelium-Solarwinds-Hackers.webp\",\"datePublished\":\"2022-04-25T12:38:19+00:00\",\"dateModified\":\"2026-05-26T12:40:36+00:00\",\"description\":\"Stay informed on the latest developments regarding the Nobelium SolarWinds hacker. Discover how to protect your organization.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/Nobelium-Solarwinds-Hackers.webp\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/Nobelium-Solarwinds-Hackers.webp\",\"width\":1250,\"height\":1200,\"caption\":\"Nobelium Solarwinds Hackers\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/nobelium-solarwind-hackers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Who Are the Nobelium Hackers That Attacked SolarWinds?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/cropped-original-logo-TC.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/cropped-original-logo-TC.png\",\"width\":951,\"height\":228,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/2703154c3efcd8ecca1e4683c696888d\",\"name\":\"Sanjana Kumari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_4_1696400016.png\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_4_1696400016.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_4_1696400016.png\",\"caption\":\"Sanjana Kumari\"},\"description\":\"Security Compliance Executive Department: Compliance, Threatcop Sanjana is a Security Compliance Executive working on best-of-the-industry-level compliances relevant from a cybersecurity perspective, their implementation, learning and outcomes in various business domains.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Nobelium SolarWinds Hacker| Threatcop","description":"Stay informed on the latest developments regarding the Nobelium SolarWinds hacker. Discover how to protect your organization.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/","og_locale":"en_US","og_type":"article","og_title":"Nobelium SolarWinds Hacker| Threatcop","og_description":"Stay informed on the latest developments regarding the Nobelium SolarWinds hacker. Discover how to protect your organization.","og_url":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2022-04-25T12:38:19+00:00","article_modified_time":"2026-05-26T12:40:36+00:00","og_image":[{"width":1250,"height":1200,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/Nobelium-Solarwinds-Hackers.webp","type":"image\/webp"}],"author":"Sanjana Kumari","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Sanjana Kumari","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/"},"author":{"name":"Sanjana Kumari","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/2703154c3efcd8ecca1e4683c696888d"},"headline":"Who Are the Nobelium Hackers That Attacked SolarWinds?","datePublished":"2022-04-25T12:38:19+00:00","dateModified":"2026-05-26T12:40:36+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/"},"wordCount":1579,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/Nobelium-Solarwinds-Hackers.webp","articleSection":["Miscellaneous"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/","url":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/","name":"Nobelium SolarWinds Hacker| Threatcop","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/Nobelium-Solarwinds-Hackers.webp","datePublished":"2022-04-25T12:38:19+00:00","dateModified":"2026-05-26T12:40:36+00:00","description":"Stay informed on the latest developments regarding the Nobelium SolarWinds hacker. Discover how to protect your organization.","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/Nobelium-Solarwinds-Hackers.webp","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/Nobelium-Solarwinds-Hackers.webp","width":1250,"height":1200,"caption":"Nobelium Solarwinds Hackers"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/nobelium-solarwind-hackers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Who Are the Nobelium Hackers That Attacked SolarWinds?"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/cropped-original-logo-TC.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/cropped-original-logo-TC.png","width":951,"height":228,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/2703154c3efcd8ecca1e4683c696888d","name":"Sanjana Kumari","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_4_1696400016.png","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_4_1696400016.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_4_1696400016.png","caption":"Sanjana Kumari"},"description":"Security Compliance Executive Department: Compliance, Threatcop Sanjana is a Security Compliance Executive working on best-of-the-industry-level compliances relevant from a cybersecurity perspective, their implementation, learning and outcomes in various business domains."}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1182","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=1182"}],"version-history":[{"count":21,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1182\/revisions"}],"predecessor-version":[{"id":14632,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1182\/revisions\/14632"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/1214"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=1182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=1182"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=1182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}