An advanced persistent threat group dubbed Midnight Blizzard has been identified as the actor behind a sophisticated spear-phishing campaign targeting military and government entities in the West. Using red team methodologies and anonymization tools, the group exfiltrated sensitive data by means of a malicious RDP configuration file delivered in spear-phishing emails. With a rogue RDP setup and a Python tool called PyRDP, the attackers intercepted victim connections, which allowed them to access and exfiltrate sensitive data from target endpoints. Approximately 200 high-profile victims were targeted during the peak of the campaign in late October 2024, including government organizations, military entities, think tanks, and academic researchers in Europe, the United States, Japan, Ukraine, and Australia. Midnight Blizzard, also known as APT29 or Cozy Bear, is a Russian government-sponsored threat group primarily engaged in cyber-espionage activities in Western countries.
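For defenders, the delivery vector described above can be triaged at the mail gateway or on the endpoint. The following is an added example, not code from the original page or from any vendor report: it parses an `.rdp` attachment and flags an unapproved server address and explicitly enabled resource redirection. The setting names are standard `.rdp` file keys that the page itself does not list; the allowlisted host and the sample file are constructed.

```python
import codecs

# Explicit settings that share local resources or run a program on connect.
# Keys absent from the file fall back to client defaults (not evaluated here).
RISKY = {
    "drivestoredirect": "local drives shared with the server",
    "devicestoredirect": "local devices shared with the server",
    "redirectclipboard": "clipboard shared with the server",
    "redirectprinters": "printers shared with the server",
    "remoteapplicationmode": "starts a RemoteApp program on connect",
}

def decode_rdp(data: bytes) -> str:
    """mstsc saves .rdp files as UTF-16 with a BOM; others may be UTF-8."""
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return data.decode("utf-16")
    return data.decode("utf-8-sig", errors="replace")

def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines into {lowercased name: value}."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def triage_rdp(data: bytes, allowed_hosts: set) -> list:
    """Return findings for an .rdp attachment; an empty list means none."""
    s = parse_rdp(decode_rdp(data))
    addr = s.get("full address", "").lower()
    host, _, port = addr.rpartition(":")
    host = host if host and port.isdigit() else addr  # strip a ":port" suffix
    findings = []
    if host not in allowed_hosts:
        findings.append(f"unapproved server: {host or '<none>'}")
    for name, why in RISKY.items():
        if s.get(name, "") not in ("", "0"):
            findings.append(f"{name}: {why}")
    return findings

# Constructed sample, not taken from the campaign.
SAMPLE = ("full address:s:rdp-gw.example.test:3389\r\n"
          "drivestoredirect:s:*\r\n"
          "redirectclipboard:i:1\r\n"
          "redirectprinters:i:0\r\n").encode("utf-16")

if __name__ == "__main__":
    print(*triage_rdp(SAMPLE, {"rds.corp.example"}), sep="\n")
```

An empty result only means none of these explicit settings were found; it is a triage signal, and blocking `.rdp` attachments from external senders remains the stronger control.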