Russia’s ‘Midnight Blizzard’ hackers target government workers in novel info-stealing campaign (therecord.media)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 30 Oct 2024 11:28
https://sh.itjust.works/post/27361289

#cybersecurity

threaded - newest

sbv@sh.itjust.works on 30 Oct 2024 14:43 collapse

The campaign is ongoing and Microsoft tracked emails “sent to thousands of targets in over 100 organizations.” The emails contained configuration files for Remote Desktop Protocol (RDP) that are connected to servers controlled by the hackers.

Even security keys and point of sale devices could be affected by opening the RDP attachment. The access would allow hackers to install malware, map the victim’s network, install other tools and gain access to credentials.

The campaign was particularly noteworthy because the use of RDP configuration files was a novel advancement in Midnight Blizzard’s tactics. Microsoft noted that both Amazon and the Government Computer Emergency Response Team of Ukraine have seen similar activity.

I’m surprised that using RDP is novel for spear phishing, but Microsoft knows more about it than I do.