Warning Issued For Midnight Blizzard’s Spear Phishing Campaign

by | Nov 10, 2024

Microsoft has been tracking a foreign threat actor called Midnight Blizzard (also known as APT29 and Cozy Bear), which is running a spear phishing campaign against organizations in several sectors, including academia, government, defense, information technology, non-governmental organizations (NGOs), and other industries.

Midnight Blizzard is reportedly a Russian state-sponsored hacking group that conducts cyberattacks in support of Russia's Foreign Intelligence Service (SVR). The group is known to use a variety of techniques in its espionage operations, including bespoke malware as well as publicly available tools such as Cobalt Strike and Mimikatz.

The current campaign, which began on October 22, 2024, has involved sending spear-phishing emails to individuals at more than 100 organizations worldwide. The threat actor impersonates trusted entities such as Amazon Web Services (AWS) and Microsoft and sends email messages carrying a signed remote desktop protocol (RDP) configuration file as an attachment. When opened, the RDP file establishes a connection to a server controlled by Midnight Blizzard.

According to Microsoft, once that connection is established, the threat actor gains access to resources on the victim's device, including clipboard contents, logical hard disks, connected peripheral devices, printers, audio, and the authentication features and facilities of the Windows operating system, including smart cards. The threat actor can also use the connection to install malware on the victim's local drives and mapped network shares, maintaining access even after the RDP session has ended.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory about the group after receiving several reports of these spear phishing attacks, and has proposed the following mitigations:

1. Restrict outbound RDP connections.
2. Block RDP connections initiated from communication tools such as email clients and webmail services.
3. Implement controls to prevent users from opening RDP files.
4. Deploy endpoint detection software.
5. Provide HIPAA security awareness training to employees.
6. Enable multifactor authentication (MFA) to add a layer of protection to remote access, preferably phishing-resistant MFA, since SMS-based MFA is vulnerable to SIM-jacking and phishing attacks.
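As an added example (not code from the article, Microsoft or CISA), the following Python triages an .rdp attachment for the resource-redirection settings described above and for a connection to a host outside an allowlist, the kind of check an email gateway or analyst could run before a user opens the file. The sample file, the host name, the trusted-host set and the signature value are constructed placeholders.

```python
"""Triage an .rdp attachment for the resource-redirection settings the
campaign abuses. Added example, not code from the article, Microsoft or CISA.
RDP files are plain text, one `name:type:value` per line (s=string, i=integer).
SAMPLE_RDP is constructed; its host name and signature are placeholders."""

# Settings that hand local resources to the remote host, with the test for "on".
RISKY_SETTINGS = {
    "drivestoredirect": lambda v: v.strip() != "",   # "*" maps every local drive
    "devicestoredirect": lambda v: v.strip() != "",  # plug-and-play peripherals
    "redirectclipboard": lambda v: v == "1",
    "redirectsmartcards": lambda v: v == "1",
    "redirectprinters": lambda v: v == "1",
}

# Hosts the organisation legitimately publishes RDP from (assumed placeholder).
TRUSTED_RDP_HOSTS = {"rdp.corp.example"}

SAMPLE_RDP = """\
full address:s:attacker-controlled.example:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
redirectprinters:i:1
signscope:s:Full Address,Drivestoredirect,Redirectclipboard
signature:s:PLACEHOLDER_SIGNATURE_BLOB
"""

def parse_rdp(text):
    """Return {setting: value}; names lower-cased, the type token dropped."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].lower()] = parts[2]
    return settings

def triage_rdp(text, trusted_hosts=TRUSTED_RDP_HOSTS):
    """Return human-readable findings; an empty list means nothing was flagged."""
    s = parse_rdp(text)
    findings = []
    host = s.get("full address", "").split(":")[0].lower()  # drop :port
    if host and host not in trusted_hosts:
        findings.append(f"connects to untrusted host {host}")
    if "signature" in s:
        findings.append("file is signed; verify the signer, a signature is not proof of trust")
    for name, is_on in RISKY_SETTINGS.items():
        if name in s and is_on(s[name]):
            findings.append(f"{name} enabled ({s[name]!r})")
    return findings

if __name__ == "__main__":
    print("\n".join(triage_rdp(SAMPLE_RDP)) or "no findings")
```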


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter
