Nobelium APT

Posted: March 5, 2021

Nobelium APT Description

The Nobelium APT, also called Solarigate or UNC2542, is an Advanced Persistent Threat (APT) group whose members' origins are not yet clear. The criminals recently made headlines because of their successful supply-chain attack against the SolarWinds software vendor. The criminals managed to utilize a wide range of implants to gain a foothold in key parts of SolarWinds' network, thereby gaining access to confidential information. However, SolarWinds is just one of the many targets of the Nobelium APT hackers. In the past, they have engaged in attacks against other US-based companies, usually operating in the government or technology sectors.

The group is one of the many to adopt the Google Go programming language, which has been rapidly gaining popularity in malware development. Its primary advantage compared to more established languages is that it might be a tad better at obfuscating code and making it more difficult for security products to identify. Of course, this does not mean that malware created with Go is undetectable - Nobelium APT's implants are already identified and removed by major anti-virus products.

Some of Nobelium APT's key malware implants used during the SolarWinds hack are SUNBURST, SUNSPOT and Raindrop. In addition to this, researchers attributed several older malware families to the same organization – the GoldMax Malware, the GoldFinder Malware and the Sibot Malware.

Nobelium APT's campaigns are thoroughly planned, and the criminals appear to rely exclusively on custom-built implants, which serve specific purposes. Unfortunately, this is unlikely to be the last news we hear about the Nobelium hackers and their activities. However, now that major cybersecurity companies are after them, it is very likely that their future malware projects will be identified and stopped before they get anywhere near the success of the SUNBURST and SUNSPOT campaigns.
