On October 22, 2024, Microsoft identified a spear-phishing campaign in which Midnight Blizzard sent phishing emails to thousands of users in over 100 organizations. The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust. The emails contained a Remote Desktop Protocol (RDP) configuration file signed with a LetsEncrypt certificate. RDP configuration (.RDP) files summarize automatic settings and resource mappings that are established when a successful connection to an RDP server occurs.

Author: AlienVault
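An added example, not part of the original report: a minimal triage of an .rdp attachment that reports the server it connects to and which local resources it explicitly maps into the session. The setting names are standard .rdp keys; the sample file and its hostname are constructed, and client defaults for absent keys are not modelled.

```python
import re

# Standard .rdp settings that map local resources into the remote session.
REDIRECTION_KEYS = {
    "drivestoredirect": "local drives",
    "devicestoredirect": "plug-and-play devices",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "audiocapturemode": "microphone",
}
LINE_RE = re.compile(r"^\s*([^:]+):([sib]):(.*)$")  # name:type:value

def parse_rdp(data: bytes) -> dict:
    """Parse an .rdp file; these are commonly UTF-16 with a BOM."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16")
    else:
        text = data.decode("utf-8-sig", errors="replace")
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).strip().lower()] = m.group(3).strip()
    return settings

def triage(data: bytes) -> dict:
    s = parse_rdp(data)
    # Only explicitly enabled mappings are reported ("" and "0" mean off).
    mapped = sorted(label for key, label in REDIRECTION_KEYS.items()
                    if s.get(key, "") not in ("", "0"))
    return {
        "server": s.get("full address", ""),
        # A signature only shows the file was signed by some certificate
        # holder; it says nothing about whether the server is trustworthy.
        "signed": "signature" in s,
        "mapped_resources": mapped,
    }

# Constructed sample attachment (hostname and signature are placeholders).
SAMPLE = ("full address:s:rdp.example.test\r\n"
          "drivestoredirect:s:*\r\n"
          "redirectclipboard:i:1\r\n"
          "redirectprinters:i:0\r\n"
          "redirectsmartcards:i:1\r\n"
          "signature:s:CONSTRUCTED-PLACEHOLDER\r\n").encode("utf-16")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A signed file pointing at an external server with drive, clipboard or smart card mapping enabled is the combination worth quarantining for review at the mail gateway.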
Related Tags:
UNC2452
Midnight Blizzard
HustleCon
campaign
apt29
remote desktop
rdp
russia
T1199
Associated Indicators:
sellar.co.uk
townoflakelure.com
swpartners.com.au
cewalton.com