Microsoft says Russian hackers have launched major spear phishing attacks against US government officials

These campaigns have also been observed and confirmed by Amazon and the Government Computer Emergency Response Team of Ukraine.

Highly targeted spear phishing

The latest spear phishing attacks utilize a strong social engineering aspect, relying on Microsoft, Amazon Web Services (AWS) and Zero Trust hooks to lure targets into opening Remote Desktop Protocol (RPD) loaded files attached to emails. These files effectively allow Midnight Blizzard to control features and resources of the target system through a remote server.

Midnight Blizzard would also be able to conduct significant information gathering on afflicted devices through mapping the target’s local device resources, including information on “all logical hard disks, clipboard contents, printers, connected peripheral devices, audio, and authentication features and facilities of the Windows operating system, including smart cards.”

This mapping would occur each time the target device connects to the RDP server. Through the connection, Midnight Blizzard can install remote access trojans (RAT) to establish persistent access when the device is not connected to the RDP server.

As a result, Midnight Blizzard would be able to install malware on both the target device and other devices on the same network, alongside the potential for credential theft during the RDP connection.

The campaign has so far targeted officials in governmental agencies, higher education, defense, and non-governmental organizations across the UK, Europe, Australia and Japan. You can see the full details on Microsoft’s mitigation measures here.

More from TechRadar Pro

• These are the best endpoint protection solutions
• Google Chrome cookie encryption system can be easily bypassed, experts warn
• Take a look at the best business VPNs