
Russia Carrying Out Targeted Attacks In UK, Microsoft Warns

Microsoft and Amazon Web Services (AWS) have warned of targeted attacks by a Russian-backed group impersonating staff of the two companies.

The group, tracked by Microsoft as Midnight Blizzard and by AWS as APT29, is known for carrying out hacks on organisations and individuals to gather intelligence on behalf of Russia’s Foreign Intelligence Service (SVR).

The group has been sending out “highly targeted spear-phishing emails” to individuals in government, academia, defence, non-governmental organisations, and other sectors since 22 October, Microsoft said in an advisory.

The emails appear to be sent from addresses gathered during previous compromises in order to appear more authentic, Microsoft said.


RDP attachment

They impersonate Microsoft or AWS employees and reference the concept of zero-trust as a social engineering lure.

Microsoft said it had tracked thousands of the emails sent to targets in more than 100 organisations.

They target dozens of countries, but particularly the UK, other European countries, Australia and Japan.

As a novel feature, the emails carry Remote Desktop Protocol (RDP) configuration file attachments which, when opened, attempt to establish an RDP connection from the user’s system to a remote attacker-controlled server.

The settings in the malicious attachment contain “several sensitive settings that would lead to significant information exposure”, Microsoft said.

Once the target opens the attachment, the system connects to the attacker’s server and bidirectionally maps the targeted user’s local device resources to that server.

Resources sent to the server may include all logical hard disks, clipboard contents, printers, connected peripheral devices, audio, and authentication features and facilities of Windows, including smart cards, Microsoft said.

This access would enable the attacker to install malware on the user’s local drives and mapped network shares, or to install tools such as remote access trojans to maintain access after the RDP session is closed.

“The process of establishing an RDP connection to the actor-controlled system may also expose the credentials of the user signed in to the target system,” the advisory stated.
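The settings Microsoft describes live in a plain-text .rdp file, one "name:type:value" line each, so an attachment can be triaged before anyone double-clicks it. The following is an added example (not Microsoft’s or AWS’s tooling, and not the campaign’s actual files): it parses an .rdp file and flags the redirection settings that hand local drives, clipboard, printers, devices and smart-card or WebAuthn authentication to the remote host. The choice of which settings count as risky is this example’s own, and the two sample files at the bottom are constructed for illustration.

```python
"""Triage an .rdp attachment for the resource-redirection settings described above.

Added example, not Microsoft's or AWS's code. Relies on the documented .rdp
file layout: one "name:type:value" per line, type s (string), i (integer) or
b (binary). The set of risky settings is an assumption made for this example.
"""
from typing import NamedTuple


class Finding(NamedTuple):
    setting: str
    value: str
    reason: str


# Settings that hand local resources to the remote host. Integer flags are
# risky when non-zero; string lists are risky when non-empty ("*" = all).
RISKY_SETTINGS = {
    "drivestoredirect": "matching local drives mapped into the session",
    "redirectclipboard": "clipboard shared with the remote host",
    "redirectprinters": "local printers redirected",
    "redirectsmartcards": "smart cards (and smart-card logon) redirected",
    "redirectcomports": "serial/COM ports redirected",
    "devicestoredirect": "Plug and Play devices redirected",
    "usbdevicestoredirect": "USB devices redirected",
    "redirectwebauthn": "WebAuthn/Windows Hello requests redirected",
    "audiocapturemode": "local microphone captured by the remote host",
    "remoteapplicationmode": "RemoteApp mode: only one window is shown, "
                             "hiding that a full session exists",
}


def parse_rdp(text: str) -> dict[str, tuple[str, str]]:
    """Parse .rdp text into {name: (type, value)}; values may contain ':'."""
    settings: dict[str, tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # maxsplit=2 keeps "host:3389" intact
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue  # malformed line: skip rather than guess
        name, typ, value = parts
        settings[name.strip().lower()] = (typ, value.strip())
    return settings


def triage(text: str) -> tuple[str, list[Finding]]:
    """Return (remote host, findings). Any finding means: do not open this file."""
    settings = parse_rdp(text)
    host = settings.get("full address", ("s", ""))[1]
    findings: list[Finding] = []
    for name, (typ, value) in settings.items():
        reason = RISKY_SETTINGS.get(name)
        if reason is None:
            continue
        risky = value not in ("", "0") if typ == "i" else bool(value)
        if risky:
            findings.append(Finding(name, value, reason))
    return host, findings


# Constructed samples; host names and values are invented for this example.
MALICIOUS_RDP = """\
full address:s:rdp-host.invalid:3389
remoteapplicationmode:i:1
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
devicestoredirect:s:*
redirectwebauthn:i:1
"""

BENIGN_RDP = """\
full address:s:jump.corp.invalid
redirectclipboard:i:0
drivestoredirect:s:
redirectsmartcards:i:0
audiocapturemode:i:0
"""

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_RDP), ("benign", BENIGN_RDP)):
        host, findings = triage(sample)
        print(f"{label}: target {host!r}, {len(findings)} risky setting(s)")
        for f in findings:
            print(f"  {f.setting}={f.value}: {f.reason}")
```

Run against a mail-gateway quarantine, the useful output is the "full address" host (for blocking outbound RDP at the firewall) and the list of redirections; a legitimate internal .rdp file rarely needs drives, smart cards and WebAuthn all redirected to a host outside the organisation.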

Credential theft

Last week AWS said the group was targeting government agencies, companies, and militaries in an effort to steal credentials from Russian adversaries.

The campaign used Ukrainian-language emails and referenced AWS domains, while in reality attempting to steal Windows credentials through RDP, Amazon said.

Microsoft blamed Midnight Blizzard for an attack on its systems in January that allowed it to access emails and documents.

In June Microsoft president Brad Smith faced a US congressional panel to answer questions over that hack and another by China-linked hackers that accessed tens of thousands of corporate emails, as well as emails from US federal agencies and the Home Office that may have included authentication details.

Microsoft chief executive Satya Nadella asked the company’s board to reduce one of his incentives over the high-profile hacks, but his pay still soared 63 percent for Microsoft’s 2024 financial year.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications
