Midnight Blizzard hacking group hijacks RDP proxies to launch malware attacks

Posted by:
Sarah Collins
Sat, 21 Dec
0 Comment
Feature image

An advanced persistent threat group dubbed Midnight Blizzard has been identified for launching a sophisticated spear-phishing campaign targeting military and government entities in the West. Utilizing red team methodologies and anonymization tools, the group exfiltrated sensitive data through a malicious RDP configuration file sent via spear-phishing emails. With the use of rogue RDP and a Python tool called PyRDP, the attackers intercepted victim connections, enabling them to access and exfiltrate sensitive data from target endpoints. Approximately 200 high-profile victims were targeted during the peak of the campaign in late October 2024, including government organizations, military entities, think tanks, and academic researchers in Europe, the United States, Japan, Ukraine, and Australia. Midnight Blizzard, also known as APT29 or Cozy Bear, is a Russian government-sponsored threat group primarily engaged in cyber-espionage activities in Western countries.

Tags:

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments