Microsoft issues warning for ongoing Russia-affiliated spear-phishing campaign

Microsoft has issued a warning about an ongoing spear-phishing campaign by a threat actor called Midnight Blizzard, which US and UK authorities previously linked to Russia’s intelligence agency. The company said it discovered that the bad actor has been sending out “highly targeted spear-phishing emails” since at least October 22 and that it believes the operation’s goal is to collect intelligence. Based on its observations, the group has been sending emails to individuals linked to various sectors, but it’s known for targeting both government and non-government organizations, IT service providers, academia and defense. In addition, while it mostly focuses on organizations in the US and in Europe, this campaign also targeted individuals in Australia and Japan.

Midnight Blizzard has already sent out thousands of spear-phishing emails to over 100 organizations for this campaign, Microsoft said, explaining that those emails contain a signed Remote Desktop Protocol (RDP) connected to a server the bad actor controls. The group used email addresses belonging to real organizations stolen during its previous activities, making targets think that they’re opening legitimate emails. It also used social engineering techniques to make it look like the emails were sent by employees from Microsoft or Amazon …read more