• Midnight Blizzard hacking group hijacks RDP proxies to launch malware attacks

    From TechnologyDaily@1337:1/100 to All on Thursday, December 19, 2024 16:15:05
    Midnight Blizzard hacking group hijacks RDP proxies to launch malware attacks

    Date:
    Thu, 19 Dec 2024 16:14:00 +0000

    Description:
    Almost 200 servers were used in a sophisticated cyber-espionage campaign targeting Western governments and think tanks.

    FULL STORY ======================================================================
    Trend Micro spots sophisticated spear-phishing campaign targeting military and government targets
    It uses almost 200 RDP proxies to gain access to endpoints
    The total number of victims is in the hundreds

    An advanced persistent threat known as Midnight Blizzard has launched a large-scale spear-phishing campaign that targeted governments, military organizations, and academic researchers in the West.

    The group used red team methodologies and anonymization tools as it exfiltrated sensitive data from its targets' IT infrastructure, cybersecurity researchers from Trend Micro have revealed.

    In a report, the researchers said the group used rogue Remote Desktop Protocol (RDP) servers together with PyRDP, a Python-based RDP man-in-the-middle tool. The attack starts with a spear-phishing email carrying a malicious RDP connection (.rdp) configuration file. If the victim opens it, the Remote Desktop client connects to an attacker-controlled RDP server.

    On Russia's payroll

    The campaign used 34 rogue RDP backend servers in combination with 193 proxy servers to redirect victim connections and mask the attackers' activities.

    Once the victim is connected, the attackers use PyRDP to intercept the session, acting as a man-in-the-middle (MitM). Because an .rdp file can instruct the client to share the victim's local drives, clipboard, printers and smart cards with the remote session, the attackers gained access to the target endpoints and could browse files, exfiltrate sensitive data, and more.
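    The attack chain above turns on what a malicious .rdp file asks the client to do: where it connects and which local resources it hands to the remote server. The following triage script is an added example (not code from the article, from Trend Micro, or from PyRDP) that parses an .rdp attachment and flags the settings that matter in this campaign. The sample files, the placeholder host names, and the allow-listed domain suffix are constructed for the example and are not indicators from the report.

```python
"""Triage a Remote Desktop (.rdp) connection file of the kind used as a
phishing attachment. An .rdp file is plain text of "name:type:value" lines
that mstsc.exe applies when opened. Sample data below is constructed."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Settings that expose local resources to the remote server (documented
# .rdp names; the value shown is the one that enables redirection).
REDIRECTION_SETTINGS = {
    "redirectdrives": ("i", "1"),
    "redirectclipboard": ("i", "1"),
    "redirectprinters": ("i", "1"),
    "redirectsmartcards": ("i", "1"),
    "redirectcomports": ("i", "1"),
}

# Assumption for the example: the only legitimate RDP targets live here.
ALLOWED_SUFFIXES = (".corp.example",)


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    setting: str
    detail: str


def parse_rdp(text: str) -> dict[str, tuple[str, str]]:
    """Parse 'name:type:value' lines into {name: (type, value)}.
    Values may contain ':' (e.g. 'full address:s:host:3389'), so only the
    first two separators are significant; malformed lines are skipped."""
    settings: dict[str, tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # files are often BOM-prefixed
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        name, typ, value = parts
        settings[name.strip().lower()] = (typ.strip().lower(), value.strip())
    return settings


def _host_of(address: str) -> str:
    """Strip an optional ':port' from a 'full address' value."""
    if address.startswith("["):  # bracketed IPv6 literal
        return address[1:].split("]", 1)[0]
    return address.rsplit(":", 1)[0] if address.count(":") == 1 else address


def _is_external(host: str) -> bool:
    """True unless the host is allow-listed or a private IP address."""
    host = host.lower()
    if any(host == s.lstrip(".") or host.endswith(s) for s in ALLOWED_SUFFIXES):
        return False
    try:
        return not ipaddress.ip_address(host).is_private
    except ValueError:
        return True  # any other DNS name is treated as external


def assess_rdp(text: str) -> list[Finding]:
    s = parse_rdp(text)
    findings: list[Finding] = []
    for key in ("full address", "gatewayhostname"):
        if key in s and _is_external(_host_of(s[key][1])):
            findings.append(Finding("high", key, f"connects to external host {s[key][1]}"))
    redirected = [k for k, tv in s.items() if REDIRECTION_SETTINGS.get(k) == tv]
    if s.get("drivestoredirect", ("s", ""))[1] not in ("", "0"):
        redirected.append("drivestoredirect")  # '*' shares every local drive
    if redirected:
        findings.append(Finding("high", ",".join(sorted(redirected)),
                                "local resources are exposed to the remote server"))
    # Level 0 suppresses the server-identity warning for an untrusted certificate.
    if s.get("authentication level") == ("i", "0"):
        findings.append(Finding("medium", "authentication level", "server identity checks disabled"))
    if s.get("remoteapplicationmode") == ("i", "1"):
        findings.append(Finding("medium", "remoteapplicationmode",
                                "RemoteApp mode hides the rogue server's full desktop"))
    return findings


def is_suspicious(text: str) -> bool:
    return any(f.severity == "high" for f in assess_rdp(text))


# Constructed samples; host names are placeholders, not real indicators.
SAMPLE_MALICIOUS = """\
full address:s:rdp.attacker.invalid:3389
redirectdrives:i:1
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
authentication level:i:0
remoteapplicationmode:i:1
"""
SAMPLE_BENIGN = """\
full address:s:ts01.corp.example
redirectdrives:i:0
redirectclipboard:i:0
authentication level:i:2
"""

if __name__ == "__main__":
    for f in assess_rdp(SAMPLE_MALICIOUS):
        print(f"[{f.severity}] {f.setting}: {f.detail}")
```

    Run it against files extracted from a mail gateway or quarantine to sort attachments before a human looks at them; the allow-list is the one thing to adapt to your own environment, since any external "full address" is a high finding by design.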

    While the total number of victims across the entire campaign is unclear,
    Trend Micro says that approximately 200 high-profile victims were targeted in a single day, when the campaign was at its peak, in late October 2024.

    The victims were government and military organizations, think tanks and academic researchers, entities related to the Ukrainian government, a cloud service provider, and entities associated with the Netherlands Ministry of Foreign Affairs.

    Most of them are located in Europe, the United States, Japan, Ukraine, and Australia.

    To put things into context, it's worth noting that Midnight Blizzard is also known as APT29, Earth Koshchei, or Cozy Bear. It is a sophisticated advanced persistent threat group sponsored by the Russian government and under the direct control of the Russian Foreign Intelligence Service (SVR). It is known for conducting cyber-espionage campaigns, primarily against Western countries.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/midnight-blizzard-hacking-group-hijacks-rdp-proxies-to-launch-malware-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)