Midnight Blizzard hackers send mass phishing emails to gather intelligence – Microsoft


Since 22 October, Microsoft has detected an increase in phishing emails, which have been sent to thousands of recipients in more than 100 organisations. According to the company, the Midnight Blizzard hacker group, which is linked to Russian intelligence, is conducting large-scale phishing attacks to gather intelligence.

Microsoft explains that the attackers, in some cases posing as Microsoft employees or representatives of other cloud services, try to trick recipients into giving up confidential information. A distinctive feature of the latest attack is the use of a signed RDP configuration file to gain access to systems, a new access vector for Midnight Blizzard.

This activity has also been confirmed by the Ukrainian government’s Computer Emergency Response Team (CERT-UA), which tracks it under the designation UAC-0215, and by Amazon.

As a reminder, Midnight Blizzard, also known as NOBELIUM, has been linked to Russia’s Foreign Intelligence Service. The group focuses on attacks against government and diplomatic institutions, NGOs and IT suppliers in the US and Europe, and has been repeatedly detected in major cyber campaigns, including attacks on cloud and technology service providers.