Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files


Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors.

This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard spear-phishing campaigns, we assess that the goal of this operation is likely intelligence collection. Microsoft is releasing this blog to notify the public and disrupt this threat actor activity. This blog provides context on these external spear-phishing attempts, which are common attack techniques and do not represent any new compromise of Microsoft.

Read more…
Source: Microsoft


Sign up for our Newsletter


Related:

  • New Star Blizzard spear-phishing campaign targets WhatsApp accounts

    January 16, 2025

    Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link. The sender address used by the threat actor ...

  • How to Mitigate the Risk of Rogue Employees

    January 16, 2025

    Rogue employees present significant financial and cybersecurity risks to organizations. Rapid7 threat researchers and penetration testers are actively observing how malicious actors exploit hiring pipelines to infiltrate businesses. This blog highlights real-world tactics, including: Insider Reconnaissance: Rogue applicants leveraging interviews to map office layouts, identify vulnerable devices, and even plant malware during site visits. Read more… Source: Rapid7 Sign up ...

  • PlugX malware deleted from thousands of systems by FBI

    January 16, 2025

    The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers. PlugX has been around since at least 2008 but is under ...

  • UK: Personal data stolen in cyber-attack on council

    January 16, 2025

    Gateshead Council said it is not known how many residents have been affected by the attack, which happened in the early hours of 8 January. Officials at the authority have advised people to watch out for phishing emails or fraudulent activity, and to change passwords if they are concerned about suspicious activity. The council said it ...

  • Multi-Vector DDoS Attacks: What They Are and How to Stay Protected

    January 15, 2025

    Multi-vector DDoS attacks have emerged as one of the biggest challenges in cybersecurity today. The number of such incidents has been growing significantly year over year. In this article, we’ll break down what multi-vector attacks are, how they work, and why they’re such a pressing threat. As DDoS attacks evolve, it becomes increasingly difficult to combat ...

  • Hackers are exploiting a new Fortinet firewall bug to breach company networks

    January 14, 2025

    Security researchers say malicious hackers have been exploiting a newly discovered vulnerability in Fortinet firewalls to break into corporate and enterprise networks. In an advisory published Tuesday, security product maker Fortinet confirmed that a critical-rated vulnerability in its FortiGate firewalls, tracked as CVE-2024-55591, is “being exploited in the wild.” Fortinet made patches available, but security researchers ...