Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files


searcher

morning

Microsoft says Russian hackers have launched major spear phishing attacks against US government officials

Infamous Russian-linked threat actor Midnight Blizzard has been targeting US officials with spear phishing attacks across a range of government and non-government sectors, new research has claimed.

Findings released by Microsoft Threat Intelligence state Midnight Blizzard has been using these attacks to gather information since first being observed on October 22.

These campaigns have also been observed and confirmed by Amazon and the Government Computer Emergency Response Team of Ukraine.

More:

 

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard spear-phishing campaigns, we assess that the goal of this operation is likely intelligence collection. Microsoft is releasing this blog to notify the public and disrupt this threat actor activity. This blog provides context on these external spear-phishing attempts, which are common attack techniques and do not represent any new compromise of Microsoft.

The spear-phishing emails in this campaign were sent to thousands of targets in over 100 organizations and contained a signed Remote Desktop Protocol (RDP) configuration file that connected to an actor-controlled server. In some of the lures, the actor attempted to add credibility to their malicious messages by impersonating Microsoft employees. The threat actor also referenced other cloud providers in the phishing lures.

While this campaign focuses on many of Midnight Blizzard’s usual targets, the use of a signed RDP configuration file to gain access to the targets’ devices represents a novel access vector for this actor. Overlapping activity has also been reported by the Government Computer Emergency Response Team of Ukraine (CERT-UA) under the designation UAC-0215 and also by Amazon.

More:

 
This post may contain affiliate links for which PM Bug gold and silver discussion forum may be compensated.
Back
Top Bottom