----------------------------------------------------------------------------------
@MSGID: 28828.politicf@1:2320/105 2b894180
@REPLY:
@TZUTC: -0500
@PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
@TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
@BBSID: CAPCITY2
@CHRS: ASCII 1
Microsoft says Russian hackers have launched major spear phishing attacks against US government officials
Date:
Wed, 30 Oct 2024 14:47:50 +0000
Description:
Midnight Blizzard is using complex social engineering campaigns to spear
phish officials around the world, Microsoft claims.
FULL STORY
======================================================================
Infamous Russian-linked threat actor Midnight Blizzard has been targeting US
officials with spear phishing attacks across a range of government and
non-government sectors, new research has claimed.
Findings released by Microsoft Threat Intelligence state Midnight Blizzard
has been using these attacks to gather information since first being observed
on October 22.
These campaigns have also been observed and confirmed by Amazon and the
Government Computer Emergency Response Team of Ukraine.
Highly targeted spear phishing
The latest spear phishing attacks rely heavily on social engineering, using
Microsoft, Amazon Web Services (AWS) and Zero Trust themes as hooks to lure
targets into opening Remote Desktop Protocol (RDP) configuration files attached
to emails. Once opened, these files effectively allow Midnight Blizzard to
control features and resources of the target system through a remote server.
Midnight Blizzard would also be able to conduct significant information
gathering on affected devices by mapping the target's local device
resources, including all logical hard disks, clipboard contents, printers,
connected peripheral devices, audio, and the authentication features and
facilities of the Windows operating system, including smart cards.
This mapping would occur each time the target device connects to the RDP
server. Through the connection, Midnight Blizzard can install remote access
trojans (RATs) to maintain persistent access even when the device is not
connected to the RDP server.
As a result, Midnight Blizzard would be able to install malware on both the
target device and other devices on the same network, alongside the potential
for credential theft during the RDP connection.
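A defender-side triage check for the attachment type described above, added here as an example (it is not code from the article or from Microsoft's report): it parses the plain-text .rdp format and lists every local-resource redirection the file turns on, plus the host it would connect to. The setting names are real .rdp keys; the sample file and its host name are constructed.

```python
from typing import Dict, List, Tuple

# .rdp keys (real setting names) whose "on" value maps a local resource to
# the remote host: name -> (type code s=string / i=int, what it exposes).
REDIRECTION_SETTINGS: Dict[str, Tuple[str, str]] = {
    "drivestoredirect": ("s", "local drives ('*' = every logical disk)"),
    "devicestoredirect": ("s", "plug-and-play devices"),
    "redirectclipboard": ("i", "clipboard contents"),
    "redirectprinters": ("i", "printers"),
    "redirectsmartcards": ("i", "smart cards used for Windows sign-in"),
    "audiocapturemode": ("i", "microphone / audio capture"),
}

def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Parse 'name:type:value' lines into {name: (type, value)}; names may
    contain spaces ("full address"), so split on the first two colons only."""
    settings: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) == 3:  # blank or malformed lines are skipped
            name, kind, value = (p.strip() for p in parts)
            settings[name.lower()] = (kind.lower(), value)
    return settings

def assess_rdp(text: str) -> List[Tuple[str, str, str]]:
    """Return (setting, value, exposure) for each enabled redirection."""
    settings = parse_rdp(text)
    findings: List[Tuple[str, str, str]] = []
    for name, (kind, exposure) in REDIRECTION_SETTINGS.items():
        value = settings.get(name, (kind, ""))[1]
        # Integer flags are on when "1"; string lists are on when non-empty.
        enabled = value == "1" if kind == "i" else value != ""
        if enabled:
            findings.append((name, value, exposure))
    return findings

def remote_host(text: str) -> str:
    """Server the file would connect to ('' if none is set)."""
    return parse_rdp(text).get("full address", ("s", ""))[1]

# Constructed sample (not a real attachment) that maps every local resource.
SAMPLE_RDP = """\
full address:s:rdp.example.invalid
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
audiocapturemode:i:1
devicestoredirect:s:*
"""
```

On a mail gateway the same check can be run over every .rdp attachment, quarantining any file that both sets a full address and enables one of these redirections.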
The campaign has so far targeted officials in governmental agencies, higher
education, defense, and non-governmental organizations across the UK, Europe,
Australia and Japan. You can see the full details on Microsoft's mitigation
measures at the link below.
======================================================================
Link to news story:
https://www.techradar.com/pro/microsoft-says-russian-hackers-have-launched-major-spear-phishing-attacks-against-us-government-officials
* SLMR 2.1a * Backup corrupted: (A)bort (R)etry (P)anic (H)ammer
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)