Critical Cyber Alert: Foreign Threat Actor Targets Organizations with Malicious RDP Attachments
November 1, 2024 • Cesar Daniel Barreto
The Cybersecurity and Infrastructure Security Agency (CISA) today issued a major alert about a sophisticated spear-phishing campaign hitting organizations across various sectors, especially government and IT. According to the alert, the agency has received several reports of a foreign threat actor posing as a trusted entity to distribute emails carrying malicious RDP configuration files.
These files give the attacker unauthorized access to sensitive files on the network, which the attacker can use to stage further attacks, such as deploying malware to maintain long-term control.
Collaborating Cybersecurity Organizations
This high-severity alert from CISA is joined by warnings from several major cybersecurity groups, including:
- Microsoft: Identified a large-scale phishing campaign by a threat group known as “Midnight Blizzard,” which uses RDP files to gain access to networks.
- AWS Security: Cited internet domains employed by the notorious APT29 group for a spear-phishing attack.
- Centre for Cybersecurity Belgium: Reported government-themed spear-phishing campaigns using RDP configuration files.
- Computer Emergency Response Team of Ukraine (CERT-UA): Warned of RDP configuration files used for unauthorized remote access.
These organizations are working with CISA to monitor, contain, and investigate the impact of this spear-phishing campaign. CISA’s proactive measures aim to protect organizations from this new kind of threat and ensure that no further incidents occur.
Cesar Daniel Barreto
Cesar Daniel Barreto is an esteemed cybersecurity writer and expert, known for his in-depth knowledge and his ability to simplify complex cybersecurity topics. With extensive experience in network security and data protection, he regularly contributes insightful articles and analysis on the latest cybersecurity trends, educating both professionals and the public.