Microsoft issues warning for ongoing Russia-affiliated spear-phishing campaign


Microsoft has warned US and UK authorities about an ongoing spear-phishing campaign by a threat actor it calls Midnight Blizzard, which has previously been linked to a Russian intelligence agency. The company said it discovered the actor had been sending “highly targeted spear phishing emails” since at least October 22, and believes the operation is aimed at gathering intelligence. The emails go to individuals across a range of sectors, but the group is known to target government and non-government organizations, IT service providers, academia and defense. While the campaign focused primarily on organizations in the US and Europe, it also targeted individuals in Australia and Japan.

Midnight Blizzard has already sent thousands of phishing emails to more than 100 organizations in this campaign. According to Microsoft, the emails contained a signed Remote Desktop Protocol (RDP) connection to a server controlled by the actor. The group sent them from email addresses belonging to real organizations that had been hijacked in previous operations, tricking targets into thinking they were opening legitimate messages. It also used social engineering to make the emails appear to come from Microsoft or Amazon Web Services employees.

If someone clicks and opens the RDP connection, a connection is made to the Midnight Blizzard controllers. It then gives the bad actor access to the target’s files, any network drives or peripherals connected to their computer (such as microphones and printers), as well as their access keys, security keys, and other web authentication information. It can also install malware on the target’s computer and network, including remote access trojans that it can use to remain on the victim’s system even after the initial connection is lost.
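A defender triaging such an attachment wants to know where the connection file points and which local resources it would hand to the remote server. The following is an added example, not code from the article or from Microsoft; it assumes the lure arrives as a standard text .rdp file (one `name:type:value` setting per line, as the RDP client reads it) and the sample file is constructed with a placeholder host.

```python
from typing import Dict, Set

# Settings that hand a local resource to the remote server when enabled
# (name -> what it exposes). Enabled means a non-empty, non-"0" value.
RISKY_SETTINGS = {
    "drivestoredirect": "local drives and files",
    "devicestoredirect": "plug-and-play devices",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectwebauthn": "WebAuthn security keys",
    "audiocapturemode": "microphone",
}
# Constructed sample attachment; the host and signature are placeholders.
SAMPLE_RDP = """\
full address:s:rdp-gateway.example.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
redirectwebauthn:i:1
audiocapturemode:i:1
redirectprinters:i:0
signscope:s:Full Address,Drives To Redirect
signature:s:PLACEHOLDER_SIGNATURE_BLOB
"""

def parse_rdp(text: str) -> Dict[str, str]:
    """Parse 'name:type:value' lines (type s/i/b) into name -> raw value."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line; skip rather than fail
        name, _type, value = parts
        settings[name.strip().lower()] = value.strip()
    return settings

def triage(text: str, allowed_hosts: Set[str]) -> Dict[str, object]:
    """Summarise where the file connects and what it would expose."""
    settings = parse_rdp(text)
    # Strip an optional ":port" so the allowlist can hold bare hostnames.
    host = settings.get("full address", "").rsplit(":", 1)[0].lower()
    findings = [f"{label} redirected ({name}={settings[name]})"
                for name, label in RISKY_SETTINGS.items()
                if settings.get(name, "") not in ("", "0")]
    return {"host": host, "host_allowed": host in allowed_hosts,
            "signed": "signature" in settings,  # signed does not mean trusted
            "findings": findings}
```

A file that is signed but points outside the organization's approved RDP hosts and redirects drives or security keys is exactly the pattern described above and should be quarantined, not opened.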

The group is known by many other names, such as Cozy Bear and APT29, but you may remember it as the threat actor behind the 2020 SolarWinds attacks, in which it managed to infiltrate hundreds of organizations around the world. Earlier this year it also accessed the emails of several senior Microsoft executives and other employees to obtain communications between the company and its customers. Microsoft has not said whether the campaign is related to the US presidential election, but it advises potential targets to be more proactive in protecting their systems.
