Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files


Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors.

This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard spear-phishing campaigns, we assess that the goal of this operation is likely intelligence collection. Microsoft is releasing this blog to notify the public and disrupt this threat actor activity. This blog provides context on these external spear-phishing attempts, which are common attack techniques and do not represent any new compromise of Microsoft.

Read more…
Source: Microsoft


Sign up for our Newsletter


Related:

  • Deep Dive Into a Linux Rootkit Malware

    January 13, 2025

    This is a follow-up analysis to a previous blog about a zero day exploit where the FortiGuard Incident Response (FGIR) team examined how remote attackers exploited multiple vulnerabilities in an appliance to gain control of a customer’s system. At the end of that blog, Fortinet researchers revealed that the remote attacker had deployed a rootkit (a ...

  • Nominet confirms cybersecurity incident linked to Ivanti VPN hacks

    January 13, 2025

    Nominet, the U.K. domain registry that maintains .co.uk domains, has experienced a cybersecurity incident that it confirmed is linked to the recent exploitation of a new Ivanti VPN vulnerability. In an email to customers, seen by TechCrunch, Nominet warned of an “ongoing security incident” under investigation. Nominet said hackers accessed its systems via “third-party VPN software ...

  • UK: Hackney Council still addressing 2020 cyber attack

    January 13, 2025

    Hackney Council has bought a new housing management system – technology that supports local authorities manage housing – as it tries to address the damage from a cyber attack four years ago. The October 2020 cyber attack left a lasting impact on services during a housing crisis which, according to the Local Democracy Report, has seen ...

  • Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

    January 11, 2025

    Today FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of our investigation, two out of the three identified vulnerabilities were not publicly known. This incident is a prime example of how threat actors chain zero-day ...

  • Meet FunkSec: A New, Surprising Ransomware Group, Powered by AI

    January 10, 2025

    The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development, which can enable even inexperienced actors to quickly produce and refine advanced tools. The group’s activities straddle the line between hacktivism and cybercrime, complicating efforts to ...

  • Cracking the Code: How Banshee Stealer Targets macOS Users

    January 9, 2025

    Since September, Check Point Research (CPR) has been monitoring a new version of the Banshee macOS Stealer, a malware that steals browser credentials, cryptocurrency wallets, and other sensitive data. Undetected for over two months, Banshee’s latest version introduced string encryption taken from Apple’s XProtect, likely causing antivirus detection systems to overlook the malware. Threat actors distributed ...