A cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa has been ongoing and linked to the Russia-based APT29 (also known as Cozy Bear) threat actor. This information was provided by Poland’s Military Counterintelligence Service and the CERT Polska team. The observed activity is similar in tactics to the Nobelium cluster tracked by Microsoft, which gained notoriety for its high-profile attack on SolarWinds in 2020. Russia’s Foreign Intelligence Service (SVR), which is responsible for safeguarding “individuals, society, and the state from foreign threats,” has been linked to Nobelium’s operations.