Critical Cyberattack Alert: Foreign Threat Actor Targets Organizations with Malicious RDP Attachments
November 01, 2024 • César Daniel Barreto
The Cybersecurity and Infrastructure Security Agency (CISA) today issued a major alert about a sophisticated spear-phishing campaign hitting organizations across various sectors, especially government and IT. CISA said in the alert that it had received several reports of a foreign threat actor posing as a trusted entity to distribute emails carrying malicious RDP configuration files.
These files give the attacker unauthorized access to sensitive files on the network, which can then be used to stage further attacks, such as deploying malware to maintain long-term control.
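For defenders triaging inbound mail, the following is an added example (not from CISA or the original article) that finds `.rdp` attachments in a raw message and reports the remote host and any local-resource redirection they request. The setting names are standard `.rdp` keys that the article itself does not list, the choice of which ones to flag is an assumption, and the sample message and host name are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Real .rdp keys that expose local resources; flagging these is this example's assumption.
RISKY = {
    "drivestoredirect": lambda v: v.strip() != "",
    "redirectclipboard": lambda v: v == "1",
    "redirectprinters": lambda v: v == "1",
}

def decode_rdp(blob: bytes) -> str:
    """.rdp files are often UTF-16 with a BOM; hand-built ones may be UTF-8."""
    if blob[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return blob.decode("utf-16")
    return blob.decode("utf-8-sig", errors="replace")

def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines into {name: value}."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':' (host:port)
        if len(parts) == 3:
            settings[parts[0].lower()] = parts[2]
    return settings

def triage_message(raw: bytes) -> list:
    """Return one finding per .rdp attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".rdp"):  # extension check is case-insensitive
            continue
        s = parse_rdp(decode_rdp(part.get_payload(decode=True)))
        flagged = sorted(k for k, bad in RISKY.items() if k in s and bad(s[k]))
        findings.append({"file": name, "host": s.get("full address", ""),
                         "redirects": flagged})
    return findings

def build_sample() -> bytes:
    """Constructed sample: a message carrying a UTF-16 .rdp attachment."""
    rdp = ("full address:s:rdp.example.invalid\r\ndrivestoredirect:s:*\r\n"
           "redirectclipboard:i:1\r\nredirectprinters:i:0\r\n")
    m = EmailMessage()
    m.set_content("see attachment")
    m.add_attachment(rdp.encode("utf-16"), maintype="application",
                     subtype="octet-stream", filename="Config.RDP")
    return m.as_bytes()
```

Calling `triage_message(build_sample())` returns a single finding for `Config.RDP`; in a mail pipeline the same function can be run over each quarantined message.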
Collaborating Cybersecurity Organizations
This high-severity alert from CISA is joined by warnings from several major cybersecurity groups, including:
- Microsoft: Identified a large-scale phishing campaign by a threat group known as “Midnight Blizzard,” which uses RDP files to gain access to networks.
- AWS Security: Cited internet domains employed by the notorious APT29 group for a spear-phishing attack.
- Centre for Cybersecurity Belgium: Reported government-themed spear-phishing campaigns using RDP configuration files.
- Computer Emergency Response Team of Ukraine (CERT-UA): Warned of RDP configuration files used for unauthorized remote access.
These organizations are working with CISA to monitor, contain, and investigate the impact of this spear-phishing campaign. CISA’s proactive measures aim to protect organizations from this new kind of threat and ensure that no further incidents occur.
César Daniel Barreto
César Daniel Barreto is a recognized cybersecurity writer and expert, known for his in-depth knowledge and his ability to simplify complex cybersecurity topics. With extensive experience in network security and data protection, he regularly contributes insightful articles and analyses on the latest cybersecurity trends, educating both professionals and the general public.