The Russian state-sponsored group tracked as Midnight Blizzard (also known as APT29 or Cozy Bear) is targeting thousands of individuals with a new spear-phishing campaign. The group, attributed to Russia's Foreign Intelligence Service (SVR), is sending malicious emails to government agencies, universities, defense organizations, and NGOs in several countries. Microsoft, which reported the activity, says the emails impersonate Microsoft employees to make the messages look legitimate.
The lure is a Remote Desktop Protocol (RDP) configuration file (.rdp) attached to the email, which the recipient is tricked into downloading and opening. No software exploit is involved: opening the file launches the standard Windows Remote Desktop client, which makes an outbound RDP connection to a server the attackers control. Because the file enables resource redirection, the session maps the victim's local resources, such as hard drives, clipboard contents, printers, smart cards, and audio devices, into the attacker's server, where their contents can be read and copied.
With the victim's drives mapped into the session, the attackers can also write files to the compromised machine, for example to drop additional malware in locations that run at logon. According to Microsoft, the primary goal of this operation appears to be intelligence gathering, consistent with Midnight Blizzard's long history of cyber espionage.
Midnight Blizzard phishing tactics exposed
The group has been tied to high-profile intrusions over the past decade, including breaches of US government networks such as the 2020 SolarWinds supply chain compromise. The Ukrainian Computer Emergency Response Team (CERT-UA) has also warned about this phishing campaign.
CERT-UA notes that running the malicious RDP file can also expose user credentials on the targeted system. To defend against these attacks, Microsoft recommends blocking .rdp attachments at the email gateway, preventing users from launching .rdp files (for example through Group Policy or application control), and using host and perimeter firewalls to block outbound RDP (TCP/UDP 3389) to the internet so that a connection to an attacker-controlled server cannot complete even if a user opens the file.
Microsoft has published indicators of compromise for this campaign, including the sender domains, hashes of the malicious RDP files, and the remote computer domains the files point to. Midnight Blizzard's tactics continue to evolve as it targets victims across the globe.
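The following triage script is an added example for this article (my own code, not tooling from Microsoft or CERT-UA) that shows what makes an .rdp attachment of the kind described above dangerous and how a gateway or analyst could flag one: an .rdp file is plain text, one `name:type:value` setting per line, and the file only needs to point `full address` at an external host while switching on the documented resource-redirection settings. The sample file contents are constructed for the example, the hostname `rdp.attacker-controlled.invalid` is a placeholder rather than an indicator from the campaign, and the `.corp.example` suffix is a hypothetical allow-list of internal RDP hosts.

```python
"""Triage an .rdp attachment for local-resource redirection to an external host.

Added example, not code from the original article or from Microsoft/CERT-UA.
Assumptions: the allow-list suffix ``.corp.example`` is hypothetical, and the
sample file contents below are constructed for illustration.
"""
from dataclasses import dataclass, field

# Integer-typed Remote Desktop client settings; value 1 redirects the resource.
RISKY_FLAGS = {
    "redirectclipboard": "clipboard contents",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards / certificates",
    "redirectcomports": "serial (COM) ports",
    "redirectwebauthn": "WebAuthn / passkey prompts",
    "audiocapturemode": "microphone",
}
# String-typed settings where "*" means "redirect every device".
RISKY_WILDCARDS = {
    "drivestoredirect": "all local drives",
    "devicestoredirect": "all plug-and-play devices",
}


@dataclass
class RdpTriage:
    target: str = ""                      # external host, empty if trusted/absent
    findings: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.target and self.findings:
            return "block"                # external host plus redirection
        if self.target or self.findings:
            return "review"
        return "allow"


def parse_rdp(text: str) -> dict:
    """Parse ``name:type:value`` lines into {name: (type, value)}; names are case-insensitive."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank or comment line
            continue
        parts = line.split(":", 2)
        if len(parts) != 3:                        # not a well-formed setting
            continue
        name, typ, value = parts
        settings[name.strip().lower()] = (typ.strip().lower(), value.strip())
    return settings


def triage_rdp(text: str, trusted_suffixes: tuple = (".corp.example",)) -> RdpTriage:
    """Flag a file that maps local resources into a session with an untrusted host.

    Caveat: the Remote Desktop client applies its own defaults (clipboard and
    printer redirection are on) when a key is absent, so a gateway policy that
    blocks every .rdp attachment is safer than scoring; this scorer shows an
    analyst what the attachment explicitly asks for.
    """
    s = parse_rdp(text)
    result = RdpTriage()
    addr = s.get("full address", ("s", ""))[1]
    host = addr.split(":")[0].lower()   # "host[:port]"; IPv6 literals not handled here
    if host and not host.endswith(trusted_suffixes):
        result.target = host
    for key, what in RISKY_FLAGS.items():
        if s.get(key, ("i", "0"))[1] == "1":
            result.findings.append(f"{key} -> {what} exposed")
    for key, what in RISKY_WILDCARDS.items():
        if s.get(key, ("s", ""))[1] == "*":
            result.findings.append(f"{key} -> {what} exposed")
    if s.get("remoteapplicationmode", ("i", "0"))[1] == "1":
        result.findings.append("remoteapplicationmode -> RemoteApp mode hides the full desktop session")
    return result


# Constructed sample resembling the pattern described in the article (not a real IOC).
CONSTRUCTED_MALICIOUS = """\
; constructed sample for this example
full address:s:rdp.attacker-controlled.invalid:3389
username:s:user
drivestoredirect:s:*
devicestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
redirectwebauthn:i:1
audiocapturemode:i:1
remoteapplicationmode:i:1
"""

# Constructed benign sample: internal host, redirection explicitly off.
CONSTRUCTED_BENIGN = """\
full address:s:ts01.corp.example
redirectclipboard:i:0
drivestoredirect:s:
"""

if __name__ == "__main__":
    for label, sample in (("malicious", CONSTRUCTED_MALICIOUS), ("benign", CONSTRUCTED_BENIGN)):
        r = triage_rdp(sample)
        print(f"{label}: verdict={r.verdict} target={r.target!r}")
        for f in r.findings:
            print("  -", f)
```

Run on the constructed samples, the malicious file is scored `block` (external target plus eight redirection findings) and the internal one `allow`. The verdict logic deliberately requires both an external `full address` and at least one redirection setting, because an .rdp pointing at an internal terminal server with redirection enabled is ordinary administrative use.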
Experts urge organizations to remain vigilant and take steps to secure their networks against these threats.