A new wave of advanced phishing attacks is hitting organizations around the world. Microsoft has warned about emails with a seemingly harmless file attached.
The danger lies in a special type of file with the .rdp extension; RDP stands for Remote Desktop Protocol. These files are normally used for legitimate remote access to computers, for example for working from home or IT support. However, hackers have abused this method by attaching an official certificate from Let’s Encrypt to the file. When someone opens it, the attackers get access to the victim's computer.
Russian hacker group
The attackers mainly target government agencies, defense agencies, universities and non-profit organizations, especially in Europe, Australia and Japan. According to Microsoft, over a hundred groups have been affected so far, with at least a thousand individual victims. Microsoft says the Russian hacker group Midnight Blizzard, also known as APT29 and Cozy Bear, is behind the attacks.
Sensitive information
Once hackers gain access, they can capture sensitive information such as clipboard contents, reach connected devices, and even get at Windows security credentials such as web authentication using Windows Hello, passkeys or security keys. They can also place files on the computer or network to maintain long-term access.
Don’t open RDP files
To avoid becoming a victim, it is important not to open RDP files from unexpected emails, even if they look trustworthy. The attackers also try to capture your login information as soon as you open the file.
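For mail and security teams, an added example (not from Microsoft or the original article): this Python script reads an .rdp attachment as text, without launching it, and lists the remote host and the local resources the file asks to share. The setting names are standard .rdp file properties; the labels, the sample file and its host name are constructed for this example.

```python
import re

# Standard .rdp properties that share local resources with the remote host.
RISKY = {
    "redirectclipboard": "clipboard contents",
    "drivestoredirect": "local drives",
    "devicestoredirect": "connected devices",
    "camerastoredirect": "cameras",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectwebauthn": "WebAuthn (Windows Hello, passkeys, security keys)",
}
LINE = re.compile(r"^\s*([^:]+):([sib]):(.*)$", re.I)  # name:type:value

def decode_rdp(raw: bytes) -> str:
    """Decode file bytes; .rdp files are often UTF-16 with a byte-order mark."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def triage_rdp(raw: bytes) -> dict:
    """Return the remote host, whether a signature is present, and shared resources."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1).strip().lower()] = m.group(3).strip()
    # Only settings present in the file are reported; client defaults are not modelled.
    # Integer flags count when non-zero, string lists when non-empty.
    exposed = [label for key, label in RISKY.items() if settings.get(key, "0") not in ("", "0")]
    return {
        "host": settings.get("full address", ""),
        # A signature does not make the sender trustworthy: the files in this campaign carried one.
        "signed": "signature" in settings,
        "exposed": exposed,
    }

# Constructed sample for illustration, not taken from a real campaign file.
SAMPLE = (
    "full address:s:rdp.example.test\r\n"
    "redirectclipboard:i:1\r\n"
    "drivestoredirect:s:*\r\n"
    "redirectprinters:i:0\r\n"
    "redirectwebauthn:i:1\r\n"
    "signature:s:PLACEHOLDER\r\n"
).encode("utf-16")

if __name__ == "__main__":
    print(triage_rdp(SAMPLE))
```

An attachment that points at an unfamiliar host and shares drives, the clipboard or WebAuthn is a strong candidate for quarantine and review.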
2024-10-30 21:05:00