On February 8th, 2022, SEKOIA.IO detected a new NOBELIUM spear-phishing campaign targeting 87 embassies around the world. This campaign, sent from a compromised mail account, used the EnvyScout infection chain to execute a new implant that uses the Trello API and is dubbed "Trello Downloader" in the Intelligence Center.