Nov 11 / Admin

New Scam Alert: Fraudsters Use RDP Attachments for Spear Phishing Campaign

The HIPAA Journal reported:   

A foreign threat actor tracked by Microsoft as Midnight Blizzard (aka APT29, Cozy Bear) is conducting a spear phishing campaign targeting organizations in multiple sectors, including government, defense, academia, non-governmental organizations (NGOs), information technology, and other sectors.

Its current campaign, which has been active since at least October 22, 2024, has involved thousands of spear phishing emails to individuals at more than 100 organizations worldwide. The threat actor poses as a trusted entity, including Microsoft and Amazon Web Services (AWS), and sends emails with a signed remote desktop protocol (RDP) file attachment.

The attached RDP configuration file establishes a connection with a server under Midnight Blizzard’s control.

Find the original article here.
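
An added example, not part of the original article or the HIPAA Journal report: a mail-gateway style check that finds `.rdp` attachments in a message and reports the server each one would connect to. The allowlist, host names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ALLOWED_HOSTS = {"rdgw.corp.example"}  # assumption: the RDP hosts your org really uses

def parse_rdp(data: bytes) -> dict:
    """Parse .rdp text (one 'name:type:value' setting per line) into a dict."""
    # Files saved by the Windows client are usually UTF-16 with a BOM; others are UTF-8.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("utf-8-sig", errors="replace")
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def target_host(settings: dict) -> str:
    """Host from the 'full address' setting, without a trailing :port."""
    addr = settings.get("full address", "").lower()
    if addr.startswith("["):                 # [ipv6]:port
        return addr[1:].split("]", 1)[0]
    return addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr

def scan_message(raw: bytes, allowed=ALLOWED_HOSTS) -> list:
    """Return one finding per .rdp attachment in a raw RFC 5322 message."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".rdp"):
            continue
        settings = parse_rdp(part.get_payload(decode=True) or b"")
        host = target_host(settings)
        # A signature only shows the file was signed, not that the target is trusted.
        findings.append({"file": name, "host": host,
                         "signed": "signature" in settings,
                         "quarantine": host not in allowed})
    return findings

def build_sample(host="rdp.untrusted.invalid") -> bytes:
    """Constructed test message with a UTF-16 .rdp attachment (not a real sample)."""
    rdp = f"full address:s:{host}:3389\r\nsignscope:s:Full Address\r\nsignature:s:AAAA\r\n"
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(rdp.encode("utf-16"), maintype="application",
                       subtype="octet-stream", filename="remote-access.rdp")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags the constructed attachment for quarantine even though it carries a `signature` setting, because its target host is not on the allowlist.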

Enroll in Training Sessions: The last Thursday of every month is training on frauds, new scam alerts, and how to combat them.