"The emails from Midnight Blizzard contain an RDP file signed with a certificate from authenticator LetsEncrypt, to induce the target to open the file."
"By including malicious configurations in the RDP files, the attackers can gain access to files, clipboard content, drives, printers and even authentication tools such as smart cards, when present on the victim's device."
"This means that the attacker can exploit anything accessible from the local system, even installing malware on both local disks and network shares."
"One spear-phishing campaign can affect dozens, hundreds or, as in this case, thousands of individuals, despite its targeted nature."
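The quoted description above translates into a triage check a mail gateway or analyst can run on an .rdp attachment. This is an added example, not code from the original page or from the vendor quoted. The property names are standard .rdp file settings, the sample file and host name are constructed, and the caller is assumed to have already decoded the file to text.

```python
# Added example: report which local resources an .rdp file explicitly shares.
# Only explicit settings are reported; client defaults for omitted
# properties are not modelled.

# Integer properties: a value of 1 shares the resource with the remote host.
REDIRECT_FLAGS = {
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "redirectwebauthn": "WebAuthn / security keys",
}
# String properties: any non-empty value ("*" means all) shares the resource.
REDIRECT_LISTS = {
    "drivestoredirect": "drives",
    "devicestoredirect": "plug-and-play devices",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: value}."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':'
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def triage(text):
    s = parse_rdp(text)
    exposed = [lbl for k, lbl in REDIRECT_FLAGS.items() if s.get(k) == "1"]
    exposed += [lbl for k, lbl in REDIRECT_LISTS.items() if s.get(k)]
    return {
        "host": s.get("full address", ""),
        # A signature only suppresses the unknown-publisher warning;
        # it says nothing about what the file shares.
        "signed": "signature" in s,
        "exposed": sorted(exposed),
    }

# Constructed sample, not taken from any real campaign.
SAMPLE = """full address:s:rdp.example.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
redirectcomports:i:0
signature:s:CONSTRUCTED_PLACEHOLDER
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A signed file that shares drives or smart cards with a host outside the organisation is a reasonable quarantine condition.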