Russian hackers have been sending a series of highly targeted spear-phishing emails to US government officials, academia, defense, and non-governmental organizations, according to Microsoft.
On Tuesday (Oct 29), the tech firm said in a blog post that based on its investigation of previous Midnight Blizzard spear-phishing campaigns, it assessed that the goal of this operation is “likely intelligence collection.”
It added that the spear-phishing emails "were sent to thousands of targets in over 100 organizations and contained a signed Remote Desktop Protocol (RDP) configuration file that connected to an actor-controlled server."
📢 New @MsftSecIntel threat report.
🇷🇺 Russian threat actor Midnight Blizzard (NOBELIUM) launched a large-scale spear-phishing campaign using signed RDP files, targeting 100+ organizations, mainly in the UK, Europe, Australia, and Japan #threatintel https://t.co/XyEDbqIi4B
— Thomas Roccia 🤘 (@fr0gger_) October 30, 2024
The company also stated that in some instances the attackers impersonated Microsoft employees, as well as staff of other cloud providers. Phishing refers to deceptive messages, typically email but also social media or chat, that lure users into visiting a malicious website or opening a malicious attachment. Spear phishing uses the same principle but is tailored to specific individuals or organizations rather than sent to a mass audience.
The latest campaign intensifies growing concerns about the United States’ challenges in countering suspected Russian and Chinese hackers. On Friday (Oct. 25), the FBI announced it is investigating unauthorized access by Chinese state-linked hackers targeting the commercial telecommunications sector.
Microsoft describes Midnight Blizzard as a Russian threat actor attributed by the US and United Kingdom governments to the Foreign Intelligence Service of the Russian Federation, also known as the SVR.
Microsoft says Russian hackers ‘consistent and persistent’
Throughout the year, the company has reported several intrusions by the group. ReadWrite reported in July that Midnight Blizzard may have accessed customers' emails following a 2023 breach that began with a password spray attack.
In January, Microsoft confirmed that it had itself been attacked by the group, in what was described as a targeted reconnaissance operation.
The hackers, also known as APT29, Cozy Bear, and Nobelium, are considered responsible for the 2020 infiltration of SolarWinds’ Orion platform.
The tech giant has said: “Midnight Blizzard is consistent and persistent in its operational targeting, and its objectives rarely change.”
Featured image: Ideogram