APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
Dec 18, 2024
Cyber Espionage / Malware
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously documented by Black Hills Information Security in 2022, Trend Micro said in a report. "A victim of this technique would give partial control of their machine to the attacker, potentially leading to data leakage and malware installation," researchers Feike Hacquebord and Stephen Hilt said . The cybersecurity company is tracking the threat group under its own moniker Earth Koshchei, stating preparations for the campaign began as early as August 7-8, 2024. The RDP campaigns were also spotlighted by the Computer Emergency Response Team of Ukraine (CERT-UA), Microsoft, and Amazon ...