Microsoft says Russian hackers have launched major spear phishing attacks against US government officials


Infamous Russian-linked threat actor Midnight Blizzard has been targeting US officials with spear phishing attacks across a range of government and non-government sectors, new research has claimed.

Findings released by Microsoft Threat Intelligence state Midnight Blizzard has been using these attacks to gather information since first being observed on October 22.

These campaigns have also been observed and confirmed by Amazon and the Government Computer Emergency Response Team of Ukraine.

Highly targeted spear phishing

The latest spear phishing attacks use a strong social engineering aspect, relying on Microsoft, Amazon Web Services (AWS) and Zero Trust hooks to lure targets into opening Remote Desktop Protocol (RDP) files attached to emails. These files effectively allow Midnight Blizzard to control features and resources of the target system through a remote server.

Midnight Blizzard would also be able to conduct significant information gathering on affected devices by mapping the target’s local device resources, including information on “all logical hard disks, clipboard contents, printers, connected peripheral devices, audio, and authentication features and facilities of the Windows operating system, including smart cards.”

This mapping would happen each time the target device connects to the RDP server. Through the connection, Midnight Blizzard can install remote access trojans (RAT) to establish persistent access when the device is not connected to the RDP server.

As a result, Midnight Blizzard would be able to install malware on both the target device and other devices on the same network, alongside the potential for credential theft during the RDP connection.
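For defenders triaging a reported attachment, the resource mapping described above is visible in the .rdp file itself as plain `name:type:value` settings. The following Python sketch is an added example, not code from Microsoft or from the article; it uses standard .rdp property names, and the sample file and its host name are constructed.

```python
"""Triage a .rdp attachment: report which local resources it asks the client to share."""
# Standard .rdp properties that expose local resources to the remote server.
INT_FLAGS = {  # enabled when the integer value is non-zero
    "redirectclipboard": "clipboard contents",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "redirectwebauthn": "WebAuthn authentication",
    "audiocapturemode": "audio capture (microphone)",
}
STR_FLAGS = {  # enabled when the string value is non-empty
    "drivestoredirect": "logical disks",
    "devicestoredirect": "connected peripheral devices",
    "usbdevicestoredirect": "USB devices",
}

def decode_rdp(raw: bytes) -> str:
    """.rdp files are commonly saved as UTF-16 with a BOM; fall back to UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines into {name: value}, lower-casing names."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':' (host:port)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def is_on(value: str) -> bool:
    try:
        return int(value) != 0
    except ValueError:
        return False

def triage(raw: bytes) -> dict:
    """Report explicit settings only; omitted ones fall back to client defaults."""
    s = parse_rdp(raw)
    shared = [label for k, label in INT_FLAGS.items() if is_on(s.get(k, "0"))]
    shared += [label for k, label in STR_FLAGS.items() if s.get(k)]
    return {"server": s.get("full address", ""), "shared": sorted(shared)}

# Constructed sample, UTF-16 encoded with a BOM.
SAMPLE = ("full address:s:rdp.example.invalid\r\ndrivestoredirect:s:*\r\n"
          "redirectclipboard:i:1\r\nredirectprinters:i:0\r\n"
          "redirectsmartcards:i:1\r\ndevicestoredirect:s:*\r\n").encode("utf-16")
print(triage(SAMPLE))
```

A file from an external sender that names an unfamiliar server and requests disks, clipboard or smart cards is worth escalating before anyone opens it.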


The campaign has so far targeted officials in governmental agencies, higher education, defense, and non-governmental organizations across the UK, Europe, Australia and Japan. You can see the full details on Microsoft’s mitigation measures here.


Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
