this post was submitted on 30 Oct 2024
14 points (100.0% liked)

sbv 2 points 2 months ago

The campaign is ongoing and Microsoft tracked emails “sent to thousands of targets in over 100 organizations.” The emails contained configuration files for Remote Desktop Protocol (RDP) that are connected to servers controlled by the hackers.

...

Even security keys and point of sale devices could be affected by opening the RDP attachment. The access would allow hackers to install malware, map the victim’s network, install other tools and gain access to credentials.

...

The campaign was particularly noteworthy because the use of RDP configuration files was a novel advancement in Midnight Blizzard’s tactics. Microsoft noted that both Amazon and the Government Computer Emergency Response Team of Ukraine have seen similar activity.

I'm surprised that using RDP is novel for spear phishing, but Microsoft knows more about it than I do.
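A defender's check for the attachment type described in the comment above, as an added example that is not part of the original post or of Microsoft's report: it parses an .rdp file and reports the target host and which local resources the file explicitly asks to redirect. The property names are standard RDP file settings rather than values taken from the page; the sample file and the approved-host list are constructed.

```python
# Added example: triage an .rdp attachment before a user opens it.
# Integer properties where the value 1 shares that resource with the remote host.
REDIRECT_FLAGS = {
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "redirectposdevices": "point of sale devices",
    "redirectwebauthn": "WebAuthn / security keys",
}
# String properties where any non-empty value names devices to share.
REDIRECT_LISTS = {
    "drivestoredirect": "drives",
    "devicestoredirect": "plug and play devices",
    "usbdevicestoredirect": "USB devices",
}

# Constructed sample, not taken from any real campaign.
SAMPLE = """full address:s:rdp.example.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
redirectposdevices:i:1
redirectwebauthn:i:1
redirectprinters:i:0
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict keyed by lower-cased name."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def triage(text, allowed_hosts=()):
    """Report target host and explicitly requested redirections.
    Properties absent from the file fall back to client defaults, not evaluated here."""
    s = parse_rdp(text)
    host = s.get("full address", "")
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():  # drop a trailing :port
        host = name
    approved = {h.lower() for h in allowed_hosts}  # assumption: org-maintained list
    redirected = [label for key, label in REDIRECT_FLAGS.items() if s.get(key) == "1"]
    redirected += [label for key, label in REDIRECT_LISTS.items() if s.get(key)]
    return {"host": host, "unapproved": bool(host) and host.lower() not in approved,
            "redirected": redirected}

if __name__ == "__main__":
    print(triage(SAMPLE, allowed_hosts={"rdp.corp.example"}))
```

A file that both targets an unapproved host and redirects local resources is the combination worth quarantining at the mail gateway.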