Since October 22, representatives of Microsoft have recorded an increase in the distribution of phishing emails from government and defense agencies, as well as scientific and non-governmental organizations by the Midnight Blizzard hacker group, which is associated with Russia. This was reported by UNN with reference to the blog of the Microsoft Threat Intelligence team .
“Based on our investigation of previous Midnight Blizzard phishing campaigns, we estimate that the purpose of this operation is likely to be to gather intelligence,” the blog post says.
According to Microsoft, the emails were sent to thousands of recipients in more than 100 organizations. In some cases, the attackers impersonated Microsoft employees and referred to other cloud service providers.
While this campaign targets many of Midnight Blizzard's usual targets, the use of a signed RDP configuration file to gain access to target devices represents a new access vector for this agent. The coincidence of activity was also reported by the Ukrainian government's Computer Emergency Response Team (CERT-UA) under the designation UAC-0215, as well as by Amazon.
Midnight Blizzard is a threat source from Russia that the US and UK governments have linked to and the Russian Federation's foreign intelligence service, or SVR. It is known that Midnight Blizzard (NOBELIUM) primarily targets governments, diplomatic missions, NGOs, and IT service providers in the United States and Europe.
Recall
On October 25 , the State Service for Special Communications reported that the CERT-UA team had detected a new large-scale cyberattack aimed at local governments in Ukraine.