A victim of this technique would give partial control of their machine to the attacker, potentially leading to data leakage and malware installation, researchers Feike Hacquebord and Stephen Hilt said.
The spear-phishing emails were designed to deceive recipients into launching a malicious RDP configuration file attached to the message, causing their machines to connect to a foreign RDP server through one of the group's 193 RDP relays.
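What such a booby-trapped .rdp attachment looks like, and how a defender can triage one before it is opened, as an added example that is not part of the original report or of the researchers' tooling. The sample file, the hostnames, the RemoteApp name and the trusted-domain list are constructed for illustration; the setting names are standard Remote Desktop Connection settings.

```python
"""Static triage of Remote Desktop (.rdp) configuration files.

Flags the settings a malicious .rdp attachment relies on: an external
'full address', resource redirection that hands the remote server the
victim's drives, clipboard and devices, RemoteApp mode that hides the
remote desktop, and a lowered server-authentication level.
"""
import codecs
from typing import Dict, List, Sequence, Tuple

Setting = Tuple[str, str]  # (type letter, raw value)

# Resource-redirection settings; a non-zero / non-empty value shares that
# local resource with whatever server the file connects to.
REDIRECT_SETTINGS = {
    "drivestoredirect": "local drives",
    "devicestoredirect": "plug-and-play devices",
    "usbdevicestoredirect": "USB devices",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "redirectposdevices": "point-of-sale devices",
}

# Constructed sample (hypothetical hostname and RemoteApp name).
SAMPLE_RDP = """\
screen mode id:i:2
full address:s:relay01.example.com:3389
remoteapplicationmode:i:1
remoteapplicationname:s:Connectivity Check
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
redirectcomports:i:1
devicestoredirect:s:*
usbdevicestoredirect:s:*
authentication level:i:0
"""

# Constructed benign profile pointing at an internal terminal server.
BENIGN_RDP = """\
full address:s:ts01.corp.example.net
redirectclipboard:i:0
drivestoredirect:s:
authentication level:i:2
"""

TRUSTED = ("corp.example.net",)  # assumed list of in-house RDP domains


def load_rdp(data: bytes) -> str:
    """Decode an .rdp file: mstsc saves UTF-16 with a BOM, hand-made files are often ASCII."""
    if data.startswith(codecs.BOM_UTF16_LE) or data.startswith(codecs.BOM_UTF16_BE):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")


def parse_rdp(text: str) -> Dict[str, Setting]:
    """Parse 'name:type:value' lines; names may contain spaces, values may contain colons."""
    settings: Dict[str, Setting] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # malformed line; the RDP client ignores these as well
        name, kind, value = parts
        settings[name.strip().lower()] = (kind, value.strip())
    return settings


def _is_enabled(setting: Setting) -> bool:
    kind, value = setting
    if kind == "i":
        return value.isdigit() and int(value) != 0
    return value != ""  # e.g. drivestoredirect:s:* or a drive list


def assess_rdp(settings: Dict[str, Setting], trusted_suffixes: Sequence[str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings: List[str] = []
    target = settings.get("full address", ("s", ""))[1]
    # host:port -> host; a bare IPv6 literal is left untouched
    host = target.rsplit(":", 1)[0].lower() if target.count(":") == 1 else target.lower()
    if host and not any(host == s or host.endswith("." + s) for s in trusted_suffixes):
        findings.append(f"connects to external host {host}")
    for name, desc in REDIRECT_SETTINGS.items():
        if name in settings and _is_enabled(settings[name]):
            findings.append(f"{name} shares {desc} with the remote server")
    if _is_enabled(settings.get("remoteapplicationmode", ("i", "0"))):
        findings.append("remoteapplicationmode hides the remote desktop behind a single RemoteApp window")
    auth = settings.get("authentication level")
    if auth is not None and auth[1] == "0":
        findings.append("authentication level 0 suppresses server-identity warnings")
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_RDP), ("benign", BENIGN_RDP)):
        print(label, assess_rdp(parse_rdp(text), TRUSTED))
```

A mail gateway or EDR rule built on these checks would quarantine any .rdp attachment whose `full address` is outside the organisation's own domains and which enables drive, clipboard or device redirection; the relay hostname alone is not a reliable signal because it changes per campaign.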
The attack method outlined by Black Hills entails using an open-source project called PyRDP - a Python-based "Monster-in-the-Middle (MitM) tool and library" - in front of the adversary-controlled RDP server to minimize detection risk.
The cybersecurity company, which tracks the threat group under the moniker Earth Koshchei, found that preparations for the campaign began as early as August 7-8, 2024, well ahead of the phishing emails themselves.