Microsoft says Russian hackers have launched major spear phishing attacks against US government officials
Officials across a range of sectors hit by targeted spear phishing campaigns
Infamous Russian-linked threat actor Midnight Blizzard has been targeting US officials with spear phishing attacks across a range of government and non-government sectors, new research has claimed.
Findings released by Microsoft Threat Intelligence state that Midnight Blizzard has been using these attacks to gather information since the campaign was first observed on October 22.
These campaigns have also been observed and confirmed by Amazon and the Government Computer Emergency Response Team of Ukraine (CERT-UA).
Highly targeted spear phishing
The latest spear phishing attacks lean heavily on social engineering, using Microsoft, Amazon Web Services (AWS) and Zero Trust themes as lures to get targets to open Remote Desktop Protocol (RDP) configuration files attached to emails. Opening such a file makes the victim's machine initiate an outbound RDP connection to an attacker-controlled server, and the settings inside the file decide which local resources are shared with that server, effectively giving Midnight Blizzard control over features and resources of the target system.
Midnight Blizzard would also be able to conduct significant information gathering on affected devices by mapping the target's local device resources, including information on "all logical hard disks, clipboard contents, printers, connected peripheral devices, audio, and authentication features and facilities of the Windows operating system, including smart cards."
This mapping occurs each time the target device connects to the RDP server. Through the connection, Midnight Blizzard can install remote access trojans (RATs) to keep persistent access even when the device is no longer connected to the RDP server.
As a result, Midnight Blizzard would be able to install malware on both the target device and on other devices on the same network, and could steal credentials during the RDP connection.
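The danger in this campaign lies in a plain-text .rdp configuration file, so a mail gateway or endpoint script can triage such attachments before a user double-clicks them. The checker below is an added example and is not code from the original article or from Microsoft's report: it parses the `key:type:value` lines of an .rdp file, flags the redirection settings that would hand local drives, clipboard, printers, smart cards, COM ports, microphone and plug-and-play devices to the remote server, and flags a `full address` that is not in an allow-list of the organisation's own terminal servers. The allow-list suffix, the hostnames and both sample files are constructed for the example.

```python
"""Triage .rdp attachments for the resource-redirection settings abused in RDP-file phishing."""
import re

# Integer settings that, when set to 1, expose a local resource to the remote RDP server.
RISKY_INT_SETTINGS = {
    "redirectdrives": "local disks",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "redirectposdevices": "POS devices",
    "audiocapturemode": "microphone capture",
    "remoteapplicationmode": "RemoteApp mode (remote program launched instead of a desktop)",
}

# String settings whose non-empty value (e.g. "*") selects which devices/drives to share.
RISKY_STR_SETTINGS = {
    "drivestoredirect": "selected disks",
    "devicestoredirect": "plug-and-play devices",
}

# Constructed allow-list: terminal servers the organisation actually operates (assumption).
TRUSTED_HOST_SUFFIXES = ("corp.example.com",)

_LINE_RE = re.compile(r"^\s*([^:]+):([isb]):(.*)$")


def parse_rdp(text):
    """Return {setting: value} from .rdp text; 'i' values become ints, others stay strings."""
    settings = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # blank lines, comments and garbage are ignored, as mstsc does
        key, typ, val = m.group(1).strip().lower(), m.group(2), m.group(3).strip()
        if typ == "i" and val.lstrip("-").isdigit():
            settings[key] = int(val)
        else:
            settings[key] = val
    return settings


def host_of(full_address):
    """Extract the hostname from a 'full address' value, dropping an optional :port."""
    addr = full_address.strip()
    if addr.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:3389
        return addr[1 : addr.find("]")]
    if addr.count(":") == 1:  # host:port
        return addr.rsplit(":", 1)[0]
    return addr


def assess_rdp(text, trusted_suffixes=TRUSTED_HOST_SUFFIXES):
    """Return a list of (setting, reason) findings; an empty list means nothing risky was found."""
    s = parse_rdp(text)
    findings = []
    host = host_of(s.get("full address", "")).lower()
    if host and not any(host == sfx or host.endswith("." + sfx) for sfx in trusted_suffixes):
        findings.append(("full address", f"connects to untrusted RDP server {host}"))
    for key, what in RISKY_INT_SETTINGS.items():
        if s.get(key) == 1:
            findings.append((key, f"shares {what} with the remote server"))
    for key, what in RISKY_STR_SETTINGS.items():
        if s.get(key):
            findings.append((key, f"shares {what} ({s[key]!r}) with the remote server"))
    return findings


def is_suspicious(text):
    """True when the file points outside the allow-list or enables any redirection."""
    return bool(assess_rdp(text))


# Constructed sample modelled on the lure described above: every redirection on, foreign server.
MALICIOUS_RDP = """\
full address:s:aws-zerotrust-login.example.invalid:3389
redirectdrives:i:1
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
redirectcomports:i:1
audiocapturemode:i:1
drivestoredirect:s:*
devicestoredirect:s:*
remoteapplicationmode:i:1
"""

# Constructed benign sample: in-house terminal server, nothing redirected.
BENIGN_RDP = """\
full address:s:ts01.corp.example.com
redirectclipboard:i:0
redirectdrives:i:0
"""

if __name__ == "__main__":
    for name, body in (("malicious", MALICIOUS_RDP), ("benign", BENIGN_RDP)):
        print(f"{name}: suspicious={is_suspicious(body)}")
        for key, reason in assess_rdp(body):
            print(f"  {key}: {reason}")
```

The allow-list check is the part that catches files a user would otherwise trust: the redirection flags are legitimate features that many organisations enable on their own servers, so the combination of "everything redirected" and "server we do not run" is what should quarantine the attachment. On Windows the same settings can be denied centrally with the Remote Desktop Services client policies under Device and Resource Redirection, which is the longer-term fix.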
The campaign has so far targeted officials in government agencies, higher education, defense, and non-governmental organizations across the UK, Europe, Australia and Japan. Microsoft's report sets out its recommended mitigation measures in full.
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.