this post was submitted on 17 Dec 2024
5 points (100.0% liked)

cybersecurity
APT group Earth Koshchei, suspected to be sponsored by the SVR, executed a large-scale rogue RDP campaign using spear-phishing emails, red team tools, and sophisticated anonymization techniques to target high-profile sectors.

Summary

  • Earth Koshchei's rogue remote desktop protocol (RDP) campaign used an attack methodology involving an RDP relay, rogue RDP server, and a malicious RDP configuration file, leading to potential data leakage and malware installation.
  • Earth Koshchei is known for constantly innovating and using a variety of methods. In this campaign, they leveraged red team tools for espionage and data exfiltration.
  • The spear-phishing emails used in Earth Koshchei's campaign were designed to deceive recipients into using a rogue RDP configuration file, causing their machines to connect to one of the group's 193 RDP relays.
  • Earth Koshchei's campaign showed significant preparation, registering more than 200 domain names between August and October of this year.
  • The group used anonymization layers like commercial VPN services, TOR, and residential proxies to mask their operations, enhance their stealthiness, and complicate attribution efforts.
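As an added defender-side example (not part of the post or of the report it summarizes), the script below parses a constructed .rdp configuration file in the `key:type:value` format Windows Remote Desktop uses and flags settings that hand local resources to the remote host, which is how a rogue configuration file turns a legitimate RDP client into a data-leakage channel. Which settings count as risky is my assumption for illustration; the post does not list what the campaign's files contained.

```python
"""Flag risky settings in an .rdp file before a user double-clicks it.

Added example, not from the post. Intended for mail-gateway or endpoint
triage of .rdp attachments; the sample file at the bottom is constructed.
"""
from dataclasses import dataclass, field

# Assumed-risky settings: each redirects a local resource (drives,
# clipboard, printers, devices) to whatever server the file points at.
RISKY_REDIRECTS = {
    "drivestoredirect": lambda v: v.strip() != "",   # "*" means all drives
    "redirectclipboard": lambda v: v == "1",
    "redirectprinters": lambda v: v == "1",
    "redirectsmartcards": lambda v: v == "1",
    "redirectcomports": lambda v: v == "1",
}

@dataclass
class RdpReport:
    target: str
    findings: list = field(default_factory=list)

def parse_rdp(text: str) -> dict:
    """Return {key: (type, value)}; type is 's' (string) or 'i' (integer).
    maxsplit=2 keeps values containing ':' (e.g. host:port) intact."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i"):
            settings[parts[0]] = (parts[1], parts[2])
    return settings

def inspect_rdp(text: str) -> RdpReport:
    s = parse_rdp(text)
    target = s.get("full address", ("s", ""))[1]
    report = RdpReport(target=target)
    for key, is_risky in RISKY_REDIRECTS.items():
        if key in s and is_risky(s[key][1]):
            report.findings.append(f"{key}={s[key][1]} exposes a local resource to {target or 'the remote host'}")
    # authentication level 0 connects without warning when server identity cannot be verified.
    if s.get("authentication level", ("i", "2"))[1] == "0":
        report.findings.append("authentication level 0 suppresses server identity warnings")
    return report

SAMPLE_RDP = """full address:s:rdp.example.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
authentication level:i:0
username:s:user
"""

if __name__ == "__main__":
    for finding in inspect_rdp(SAMPLE_RDP).findings:
        print("RISK:", finding)
```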
no comments (yet)