NOBELIUM now uses Trello as C2, targeting embassies 🕵️

On February 8th 2022, SEKOIA.IO detected a new NOBELIUM spear phishing campaign targeting 87 embassies around the world. This spear phishing campaign, sent from a compromised mail account, used the EnvyScout infection chain to execute a new implant using the Trello API and dubbed "Trello Downloader" in the Intelligence Center. ![Capture d’écran de 2022-02-10 13-45-02.png](BASE/products/901462981/changelog/8713/inline-31e150969cb5cb7ab918b41281b72672.jpg)