Sign up to save your podcasts
Or
Share Episode 113: Phishing with Malicious RDP Files
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 113: Phishing with Malicious RDP Files
In this episode, we're talking about a significant development in the cyber threat landscape. There has been a surge in activity from a group known as Midnight Blizzard, also known as APT29. They're a sophisticated Russian state-sponsored group, and their primary targets are governments, diplomats, NGOs, and IT service providers, mainly in the US and Europe. What's really alarming is their recent shift in tactics. They're now using malicious RDP files in their spear-phishing campaigns, which is a new approach for them. This indicates they are evolving their methods, becoming even more dangerous. RDP is commonly used in corporate environments for remote access to resources, so many organizations have it enabled and may not be blocking RDP files, making them an ideal attack vector.
Amazon identified internet domains abused by APT29 | AWS Security Blog: https://aws.amazon.com/blogs/security/amazon-identified-internet-domains-abused-by-apt29/
Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments | CISA: https://www.cisa.gov/news-events/cybersecurity-alerts-advisories/aa24-329a
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files _ Microsoft Security Blog.pdf: The URL for this source was not provided.
Rogue RDP – Revisiting Initial Access Methods - Black Hills Information Security: https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
Rogue RDP: Bring Your Own Server | Mike Felch | 1-Hour: https://www.youtube.com/watch?v=y1Y-t7fDwXU
Warning: Government-themed Phishing with RDP Attachments | CCB Safeonweb: https://www.safeonweb.be/en/news/warning-government-themed-phishing-rdp-attachments
Rogue RDP Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers - SOC Prime: https://socprime.com/blog/rogue-rdp-attack-detection-uac-0215-leverages-rdp-configuration-files-to-gain-remote-access-to-ukrainian-public-sector-computers/
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/mylinks
Work with Us: https://securit360.com
View all episodes
By SecurIT360
5
1212 ratings
In this episode, we're talking about a significant development in the cyber threat landscape. There has been a surge in activity from a group known as Midnight Blizzard, also known as APT29. They're a sophisticated Russian state-sponsored group, and their primary targets are governments, diplomats, NGOs, and IT service providers, mainly in the US and Europe. What's really alarming is their recent shift in tactics. They're now using malicious RDP files in their spear-phishing campaigns, which is a new approach for them. This indicates they are evolving their methods, becoming even more dangerous. RDP is commonly used in corporate environments for remote access to resources, so many organizations have it enabled and may not be blocking RDP files, making them an ideal attack vector.
Amazon identified internet domains abused by APT29 | AWS Security Blog: https://aws.amazon.com/blogs/security/amazon-identified-internet-domains-abused-by-apt29/
Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments | CISA: https://www.cisa.gov/news-events/cybersecurity-alerts-advisories/aa24-329a
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files _ Microsoft Security Blog.pdf: The URL for this source was not provided.
Rogue RDP – Revisiting Initial Access Methods - Black Hills Information Security: https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
Rogue RDP: Bring Your Own Server | Mike Felch | 1-Hour: https://www.youtube.com/watch?v=y1Y-t7fDwXU
Warning: Government-themed Phishing with RDP Attachments | CCB Safeonweb: https://www.safeonweb.be/en/news/warning-government-themed-phishing-rdp-attachments
Rogue RDP Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers - SOC Prime: https://socprime.com/blog/rogue-rdp-attack-detection-uac-0215-leverages-rdp-configuration-files-to-gain-remote-access-to-ukrainian-public-sector-computers/
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/mylinks
Work with Us: https://securit360.com
More shows like The Cyber Threat Perspective
View all
Risky Business
360 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
367 Listeners
Hacked
179 Listeners
CyberWire Daily
1,014 Listeners
Smashing Security
314 Listeners
Click Here
393 Listeners
Darknet Diaries
7,855 Listeners
Cybersecurity Today
167 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
314 Listeners
Defense in Depth
78 Listeners
Cyber Security Headlines
117 Listeners
Risky Bulletin
33 Listeners
Hacker And The Fed
158 Listeners