Midnight Blizzard hacking group hijacks RDP proxies to launch malware attacks

Almost 200 servers were used in a sophisticated cyber-espionage campaign

December 19, 2024 · 1 min · 72 words · Roberto Thompson

Table of Contents

When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

The attack starts with a spear-phishing email carrying a malicious RDP configuration file.

If the victim runs it, it connects to an attacker-controlled RDP server.

A red padlock image against a digital map of the earth in blue.

Most of them are located in Europe, the United States, Japan, Ukraine, and Australia.

It is known for conducting cyber-espionage campaigns primarily in Western countries.

ViaBleepingComputer

You might also like#