
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

On October 22, 2024, Microsoft identified a spear-phishing campaign in which Midnight Blizzard sent phishing emails to thousands of users in over 100 organizations. The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust. The emails contained a Remote Desktop Protocol (RDP) configuration file signed with a LetsEncrypt certificate. RDP configuration (.RDP) files summarize automatic settings and resource mappings that are established when a successful connection to an RDP server occurs.

OPENCTI LABELS:

backdoor, phishing, rdp, russia, apt29, remote desktop, campaign, unc2452, midnight blizzard, cozy bear, hustlecon


Open in the NetmanageIT OpenCTI public instance using the link below.

Use the public read-only username and password shown in the login page banner.


Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files