Attempted phishing attacks have been launched by Russian state-sponsored hacking group Nobelium, also known as APT29 and Cozy Bear, against government agencies and diplomatic organizations across the European Union, reports The Record, a news site by cybersecurity firm Recorded Future. Phishing emails involving a fake 2023 schedule of the Polish ambassador to the U.S. have been delivered by Nobelium in an effort to facilitate EnvyScout malware distribution, according to a BlackBerry report. Researchers said that entities targeted by the phishing emails were those involved in helping Ukraine and its citizens who are fleeing from the country amid the ongoing Russia-Ukraine war. Nobelium has also employed fraudulent websites for EU secure data transfer and information exchange systems eTrustEx and LegisWrite in their attacks, which seek to achieve data exfiltration while being concealed from detection. The report also showed that Nobelium has moved to leverage the application programming interface of the Notion note-taking app for command-and-control server communications.