Grow Your Business and Join MarketWorld Marketplace and Create Your Own Store front

Sunday, December 22, 2024

HomeCyberSecurityCISA warns of foreign threat group launching spearphishing campaign using malicious RDP...

CISA warns of foreign threat group launching spearphishing campaign using malicious RDP files

Dive Brief:

  • The Cybersecurity and Infrastructure Security Agency on Thursday said it has received multiple reports of a foreign threat actor targeting government and IT companies in a widescale spear-phishing campaign using malicious remote desktop protocol files. 
  • Microsoft Threat Intelligence linked the spear-phishing campaign to Midnight Blizzard in a Tuesday report, warning that emails were sent to thousands of targets. The emails were sent to more than 100 organizations in government, defense and academia, among others, and in some cases impersonated Microsoft employees to lend credibility.
  • AWS identified internet domains abused by the threat group, which is also known as APT29 and affiliated with Russia’s Foreign Intelligence Service, CJ Moses, CISO and VP of security engineering at Amazon wrote in a post last week. The phishing campaign was launched in Ukraine and design to steal credentials from Russian adversaries, Moses said.

Dive Insight:

Microsoft researchers first observed the spear-phishing attacks on Oct. 22, with targets across dozens of countries, but mainly focused on the U.K., Europe, Japan and Australia. 

Once the RDP attachments compromised the targeted victim, a connection was made to a server controlled by the threat actor, exposing sensitive information, including hard disks, clipboard information, printers and audio and connected peripheral devices. 

CISA warned that organizations should restrict outbound RDP connections, prohibit RDP files from being transmitted through email clients and webmail servers and also block the execution of RDP files by users. Organizations should also enable multifactor authentication and deploy phishing-resistant authentication services, such as FIDO tokens. 

Microsoft researchers said the goal of the campaign is likely to collect intelligence. The threat group was linked to the 2020 Sunburst attacks when it was known as Nobelium. 

Midnight Blizzard previously hacked into the accounts of senior Microsoft executives earlier this year and gained access to federal agencies in the U.S.


Source link

Bookmark (0)
Please login to bookmark Close
RELATED ARTICLES
- Advertisment -spot_img

Most Popular

Sponsored Business

- Advertisment -spot_img