Critical Cyber Alert: Foreign Threat Actor Targets Organizations with Malicious RDP Attachments
November 01, 2024 • César Daniel Barreto
The Cybersecurity and Infrastructure Security Agency (CISA) today issued a major alert about a sophisticated spear-phishing campaign hitting organizations across various sectors, especially government and IT. In the alert, CISA said it had received several reports of a foreign threat actor posing as a trusted entity to distribute emails carrying malicious RDP configuration files.
Opening one of these files gives the attacker unauthorized access to sensitive files on the network, which can be used to stage further attacks such as deploying malware to maintain long-term control.
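A defensive triage sketch for the attachment type described above, added here as an example and not taken from CISA or this article: it parses an .rdp file and reports the host it connects to and any local resources the file explicitly shares with that host. The setting names are standard .rdp keys; the flagging rule, the `allowed_hosts` parameter and the sample file are assumptions of this example.

```python
"""Triage an .rdp attachment: where does it connect, and what does it share?"""

# Standard .rdp keys that expose local resources to the remote host.
# Treating them as triage signals is this example's assumption.
REDIRECT_KEYS = {
    "drivestoredirect", "devicestoredirect", "redirectclipboard",
    "redirectprinters", "redirectsmartcards", "redirectcomports",
}


def decode_rdp(raw: bytes) -> str:
    """.rdp files are commonly UTF-16 with a BOM; otherwise treat as UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines into {name: value}, names lowercased."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings


def triage(raw: bytes, allowed_hosts=frozenset()) -> list:
    """Return findings for explicitly set options; empty list = nothing flagged."""
    s = parse_rdp(raw)
    findings = []
    addr = s.get("full address", "")
    # Strip a trailing ":port" from host:port; leave other forms untouched.
    host = (addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr).lower()
    if host and host not in allowed_hosts:
        findings.append(f"connects to non-allowlisted host: {host}")
    for key in sorted(REDIRECT_KEYS & s.keys()):
        if s[key] not in ("", "0"):
            findings.append(f"shares local resource: {key}={s[key]}")
    return findings


# Constructed sample, not taken from the campaign; the host is a placeholder.
SAMPLE = ("full address:s:rdp.example.net:3389\r\ndrivestoredirect:s:*\r\n"
          "redirectclipboard:i:1\r\nredirectprinters:i:0\r\n").encode("utf-16")

if __name__ == "__main__":
    for finding in triage(SAMPLE, allowed_hosts={"rds.corp.example"}):
        print(finding)
```

Options left out of the file fall back to client defaults, so an empty result means nothing was explicitly flagged, not that the file is safe to open.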
Collaborating Cybersecurity Organizations
This high-severity alert from CISA is joined by warnings from several major cybersecurity groups, including:
- Microsoft: Identified a large-scale phishing campaign by a threat group known as “Midnight Blizzard,” which uses RDP files to gain access to networks.
- AWS Security: Cited internet domains employed by the notorious APT29 group for a spear-phishing attack.
- Centre for Cybersecurity Belgium: Reported government-themed spear-phishing campaigns using RDP configuration files.
- Computer Emergency Response Team of Ukraine (CERT-UA): Warned of RDP configuration files used for unauthorized remote access.
These organizations are working with CISA to monitor, contain, and investigate the impact of this spear-phishing campaign. CISA’s proactive measures aim to protect organizations from this new kind of threat and ensure that no further incidents occur.