Microsoft issues warning for ongoing Russia-affiliated spear-phishing campaign

Microsoft has issued a warning about an ongoing spear-phishing campaign by a threat actor called Midnight Blizzard, which US and UK authorities previously linked to Russia’s intelligence agency. The company said it discovered that the bad actor has been sending out “highly targeted spear-phishing emails” since at least October 22 and that it believes the operation’s goal is to collect intelligence. In this campaign the group has been emailing individuals across a range of sectors, but it is known for targeting government and non-government organizations, IT service providers, academia and defense. While it mostly focuses on organizations in the US and in Europe, this campaign also targeted individuals in Australia and Japan.

Midnight Blizzard has already sent out thousands of spear-phishing emails to over 100 organizations for this campaign, Microsoft said, explaining that those emails carry a signed Remote Desktop Protocol (RDP) file that connects to a server the bad actor controls. The group used email addresses belonging to real organizations, stolen during its previous activities, to make targets think they are opening legitimate emails. It also used social engineering techniques to make the emails look as though they were sent by employees of Microsoft or Amazon Web Services.

If the recipient opens the RDP attachment, a connection is established to the server Midnight Blizzard controls. That connection gives the bad actor access to the target’s files, any network drives or peripherals (such as microphones and printers) connected to their computer, as well as their passkeys, security keys and other web authentication information. It could also install malware on the target’s computer and network, including remote-access trojans that it could use to remain in the victim’s system even after the initial connection has been cut off.
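The access described above comes from the resource-redirection settings inside the attached .rdp file, so a defender can triage such attachments before anyone opens them. The following script is an added example, not Microsoft’s or the article’s code; the sample .rdp content and the allowed-host list are constructed for illustration.

```python
# Added triage helper for .rdp email attachments (not Microsoft's or the
# article's code). It parses the RDP file format ("name:type:value" lines)
# and flags settings that expose local resources to the remote host, which
# is how an RDP attachment grants access to files, drives, peripherals and
# WebAuthn credentials. The sample file and allowed host are constructed.

# Standard .rdp settings that redirect local resources when truthy.
RISKY_SETTINGS = {
    "drivestoredirect": "local drives / files",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectwebauthn": "passkeys / security keys (WebAuthn)",
    "audiocapturemode": "microphone",
}

# Hosts the organisation's own RDP sessions may reach (assumed allowlist).
ALLOWED_HOSTS = {"rdp.corp.example"}


def parse_rdp(text: str) -> dict:
    """Parse .rdp content into {setting: value}; malformed lines are skipped."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings


def is_truthy(value: str) -> bool:
    """Integer flags use 1; drivestoredirect uses '*' or a drive list."""
    return value.strip() not in ("", "0")


def assess(text: str) -> dict:
    """Return the target host, the exposed local resources and a verdict."""
    s = parse_rdp(text)
    host = s.get("full address", "").split(":")[0].lower()
    exposed = [label for key, label in RISKY_SETTINGS.items()
               if is_truthy(s.get(key, ""))]
    suspicious = bool(host) and host not in ALLOWED_HOSTS and bool(exposed)
    return {"host": host, "exposed": exposed, "suspicious": suspicious}


SAMPLE_RDP = """\
full address:s:unknown-host.example:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectwebauthn:i:1
audiocapturemode:i:1
"""
```

Run `assess()` over attachments pulled from the mail gateway; a file that points at a host outside the allowlist and redirects drives, clipboard or WebAuthn should be quarantined rather than delivered.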

The group is known by many other names, such as Cozy Bear and APT29, but you might remember it as the threat actor behind the 2020 SolarWinds attacks, in which it managed to infiltrate hundreds of organizations around the world. It also broke into the emails of several senior Microsoft executives and other employees earlier this year, accessing communication between the company and its customers. Microsoft didn’t say whether this campaign has anything to do with the US Presidential Elections, but it is advising potential targets to be more proactive in protecting their systems.
