In this episode, we're talking about a significant development in the cyber threat landscape. There has been a surge in activity from a group known as Midnight Blizzard, also known as APT29. They're a sophisticated Russian state-sponsored group, and their primary targets are governments, diplomats, NGOs, and IT service providers, mainly in the US and Europe. What's really alarming is their recent shift in tactics. They're now using malicious RDP files in their spear-phishing campaigns, which is a new approach for them. This indicates they are evolving their methods, becoming even more dangerous. RDP is commonly used in corporate environments for remote access to resources, so many organizations have it enabled and may not be blocking RDP files, making them an ideal attack vector.
Amazon identified internet domains abused by APT29 | AWS Security Blog: https://aws.amazon.com/blogs/security/amazon-identified-internet-domains-abused-by-apt29/
Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments | CISA: https://www.cisa.gov/news-events/cybersecurity-alerts-advisories/aa24-329a
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files | Microsoft Security Blog (PDF): The URL for this source was not provided.
Rogue RDP – Revisiting Initial Access Methods - Black Hills Information Security: https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
Rogue RDP: Bring Your Own Server | Mike Felch | 1-Hour: https://www.youtube.com/watch?v=y1Y-t7fDwXU
Warning: Government-themed Phishing with RDP Attachments | CCB Safeonweb: https://www.safeonweb.be/en/news/warning-government-themed-phishing-rdp-attachments
Rogue RDP Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers - SOC Prime: https://socprime.com/blog/rogue-rdp-attack-detection-uac-0215-leverages-rdp-configuration-files-to-gain-remote-access-to-ukrainian-public-sector-computers/
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal assume breach pentesting here.