Microsoft says Russian hackers have launched major spear phishing attacks against US government officials


Infamous Russian-linked threat actor Midnight Blizzard has been targeting US officials with spear phishing attacks across a range of government and non-government sectors, new research has claimed.

Findings released by Microsoft Threat Intelligence state that Midnight Blizzard has been using these attacks to gather information since the activity was first observed on October 22.

These campaigns have also been observed and confirmed by Amazon and the Government Computer Emergency Response Team of Ukraine.

Highly targeted spear phishing

The latest spear phishing attacks utilize a strong social engineering aspect, relying on Microsoft, Amazon Web Services (AWS) and Zero Trust hooks to lure targets into opening Remote Desktop Protocol (RDP) files attached to emails. These files effectively allow Midnight Blizzard to control features and resources of the target system through a remote server.

Midnight Blizzard would also be able to conduct significant information gathering on afflicted devices through mapping the target’s local device resources, including information on “all logical hard disks, clipboard contents, printers, connected peripheral devices, audio, and authentication features and facilities of the Windows operating system, including smart cards.”

This mapping would occur each time the target device connects to the RDP server. Through the connection, Midnight Blizzard can install remote access trojans (RATs) to establish persistent access even when the device is not connected to the RDP server.

As a result, Midnight Blizzard would be able to install malware on both the target device and other devices on the same network, alongside the potential for credential theft during the RDP connection.
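As an added example (not code from the article, Microsoft, or any vendor), the Python script below shows the defender-side check implied by the description above: it parses an .rdp attachment and reports which local resource classes its standard redirection keys would expose to the remote server. The key names are real .rdp settings; the sample attachment and its host are constructed placeholders.

```python
# Added example (not the article's or Microsoft's code): triage an .rdp
# attachment by the standard redirection keys that expose local resources.

RISKY_KEYS = {  # standard .rdp keys that hand local resources to the server
    "drivestoredirect": "logical hard disks",
    "redirectclipboard": "clipboard contents",
    "redirectprinters": "printers",
    "devicestoredirect": "connected peripheral devices",
    "audiocapturemode": "audio capture",
    "redirectsmartcards": "smart cards / Windows authentication",
}

def parse_rdp(text):
    """Parse 'key:type:value' lines into {key: (type, value)}; keys are
    case-insensitive and may contain spaces (e.g. 'full address')."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue  # malformed line: skip rather than abort the triage
        key, typ, val = (p.strip() for p in parts)
        settings[key.lower()] = (typ, val)
    return settings

def redirected_resources(text):
    """Return (remote host, [resource classes the file would redirect])."""
    s = parse_rdp(text)
    host = s.get("full address", ("s", ""))[1]
    found = []
    for key, desc in RISKY_KEYS.items():
        typ, val = s.get(key, ("i", "0"))
        # ':i:' keys are on when 1; ':s:' keys (drive lists) when non-empty
        if (typ == "i" and val == "1") or (typ == "s" and val):
            found.append(desc)
    return host, found

def is_suspicious(text, threshold=2):
    # Flag a file that names a server and redirects >= threshold classes.
    host, found = redirected_resources(text)
    return bool(host) and len(found) >= threshold

# Constructed sample attachment (placeholder host, not a real indicator).
SAMPLE_RDP = """\
full address:s:rdp.example.invalid
drivestoredirect:s:*
redirectclipboard:i:1
"""
```

A mail gateway or EDR rule can run the same check on inbound .rdp attachments and quarantine or alert on files that both name an external server and redirect drives, clipboard or smart cards.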

The campaign has so far targeted officials in governmental agencies, higher education, defense, and non-governmental organizations across the UK, Europe, Australia and Japan. You can see the full details on Microsoft’s mitigation measures here.


Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
