Malicious RDP Files Identified in Latest Attack on Ukrainian Entities

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

CERT-UA has uncovered a new malicious email campaign targeting Ukrainian government agencies, enterprises, and military entities. The campaign uses RDP configuration files to establish remote connections, enabling data theft and further malware deployment. Attributed to UAC-0215 and linked to APT29, the operation exploits popular services like Amazon and Microsoft. Infrastructure preparation began in August 2024, and the campaign has the potential to spread beyond Ukraine. Amazon has seized the impersonating domains to neutralize the threat. CERT-UA also warned of other attacks, including a large-scale operation stealing confidential information (UAC-0218) and a ClickFix-style campaign possibly linked to APT28.

OPENCTI LABELS:

phishing, rdp, ukraine, apt28, aws, uac-0218, uac-0215, domain seizure, homesteel, cert-ua

