
Microsoft warns of a new hacking campaign orchestrated by Russia

  • October 31, 2024


The company claims to have detected the distribution of “narrowly targeted phishing emails” since at least October 22. According to a report on Microsoft’s website, the purpose of this operation is to gather intelligence.

The Midnight Blizzard group sends emails to people associated with various sectors and industries. It is known that it generally targets both government and non-governmental organizations, IT service providers, academia and the defense sector. This campaign focused mostly on organizations in the US and Europe, but also impacted individuals in Australia and Japan.

As part of this campaign, Midnight Blizzard has already sent thousands of phishing emails to more than 100 organizations. Microsoft explains that these emails contain a signed Remote Desktop Protocol (RDP) connection file that connects to a server controlled by the group. The group used email addresses from real organizations, stolen during previous activities, to trick victims into thinking they were opening legitimate emails. It also used social engineering techniques to make the emails appear to be sent by Microsoft or Amazon Web Services employees.

  • If someone clicks and opens the RDP attachment, a connection is established to a server controlled by Midnight Blizzard.
  • The attacker then gains access to the victim’s files, any network drives or peripherals (such as microphones and printers) connected to the victim’s computer, and the victim’s passwords, security keys, and other authentication information.
  • It can also surreptitiously install additional malware onto the victim’s computer and network, including remote access Trojans, which it can use to remain on the victim’s system even after the original connection has been lost.
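
For defenders, the exposure described above is visible in the attachment itself, because an .rdp file is plain text that lists which local resources are mapped to the remote server. The following is an added example, not code from Microsoft or from the original article: a Python triage function for mail-gateway or incident-response use. The property names are standard .rdp file settings; the labels, the quarantine rule and the sample file are assumptions of this example.

```python
import codecs

# Standard .rdp properties that map local resources to the remote server.
# The labels are this example's own wording (assumption).
RISKY = {
    "drivestoredirect": "local and network drives",
    "devicestoredirect": "plug-and-play devices",
    "camerastoredirect": "cameras",
    "audiocapturemode": "microphone",
    "redirectprinters": "printers",
    "redirectclipboard": "clipboard",
    "redirectsmartcards": "smart cards",
    "redirectwebauthn": "WebAuthn security keys",
}

def decode_rdp(raw: bytes) -> str:
    """.rdp files are commonly UTF-16 with a BOM; otherwise assume UTF-8."""
    utf16 = raw[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)
    return raw.decode("utf-16" if utf16 else "utf-8-sig", errors="replace")

def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines into {name: value}, names lower-cased."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def triage(raw: bytes) -> dict:
    s = parse_rdp(raw)
    exposed = sorted(label for key, label in RISKY.items()
                     if s.get(key, "") not in ("", "0"))
    return {
        "server": s.get("full address", ""),
        "signed": bool(s.get("signature")),
        "exposed": exposed,
        # Example policy: a signature does not make a mailed .rdp file safe.
        "quarantine": bool(exposed),
    }

# Constructed sample, not taken from the campaign; all values are placeholders.
SAMPLE = (
    "full address:s:rdp.example.invalid\r\ndrivestoredirect:s:*\r\n"
    "redirectprinters:i:1\r\naudiocapturemode:i:1\r\n"
    "redirectclipboard:i:0\r\nredirectwebauthn:i:1\r\n"
    "signature:s:CONSTRUCTED_PLACEHOLDER\r\n"
).encode("utf-16")
```

Calling `triage(SAMPLE)` reports the destination server, whether the file carries a signature, and each local resource the file would hand to that server.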

What is known about Midnight Blizzard

The group is known by many names, including Cozy Bear and APT29, but you may remember it as the entity behind the 2020 SolarWinds attacks, where it managed to infiltrate hundreds of organizations around the world.

Earlier this year, Midnight Blizzard also hacked the emails of several senior Microsoft executives and other employees, gaining access to communications between the company and its customers.

Microsoft has not said whether this campaign is related to the US presidential election, but advises potential victims to be more careful about protecting their systems.

Source: 24 Tv
