The Nobelium hacking group continues to breach government and enterprise networks worldwide by targeting cloud and managed service providers. Mandiant has discovered a new custom downloader called “Ceeloader” Malware is heavily obfuscated and mixes calls to the Windows API with large blocks of junk code to evade detection by security software. The group is believed to be the hacking division of the Russian Foreign Intelligence Service (SVR), commonly known as APT29, The Dukes, or Cozy Bear. Nobelium is known for its development and use of custom malware that allows backdoor access to networks.”]