Microsoft has warned of an ongoing spear phishing campaign for intelligence gathering by the Russian state-linked threat actor Midnight Blizzard, Cozy Bear, APT29, Dukes, Yttrium, or UNC2452. The cybercrime group is linked to Russia’s Foreign Intelligence Service (SVR).
“Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors,” Microsoft said.
The Redmond, Washington-based tech giant says the campaign leverages a “signed Remote Desktop Protocol (RDP) configuration file that connected to an actor-controlled server.”
More Info