• sbv@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    18 days ago

    The campaign is ongoing and Microsoft tracked emails “sent to thousands of targets in over 100 organizations.” The emails contained configuration files for Remote Desktop Protocol (RDP) that are connected to servers controlled by the hackers.

    Even security keys and point of sale devices could be affected by opening the RDP attachment. The access would allow hackers to install malware, map the victim’s network, install other tools and gain access to credentials.

    The campaign was particularly noteworthy because the use of RDP configuration files was a novel advancement in Midnight Blizzard’s tactics. Microsoft noted that both Amazon and the Government Computer Emergency Response Team of Ukraine have seen similar activity.

    I’m surprised that using RDP is novel for spear phishing, but Microsoft knows more about it than I do.