APT29 Hackers Use Rogue RDP in Cyber Attacks
APT29 Hackers Employ Rogue RDP Techniques in Cyber Espionage Campaign. The Russia-linked threat actor APT29, also known as Earth Koshchei, has been observed repurposing a red-teaming technique built around malicious Remote Desktop Protocol (RDP) configuration files to target governments, think tanks, and Ukrainian entities. Spear-phishing emails carry the rogue .rdp files and trick recipients into connecting to compromised RDP servers; once the session is established, the attackers gain partial control of the victim's machine. The technique was documented in a Trend Micro report. Preparations for the campaign began in early August 2024, and in a single day it targeted around 200 high-profile victims. The operators relied on tools like PyRDP to exfiltrate data without deploying custom malware, which helped the activity evade detection.
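An .rdp file is a plain text list of `name:type:value` settings, and the ones that matter in a rogue-RDP scenario are where the file connects (`full address`) and which local resources it hands to the remote server (drive, clipboard, printer and smart-card redirection). The following triage script is an added example, not code from the Trend Micro report or from any APT29 tooling: it parses an .rdp attachment, scores it against those settings, and flags files that point at a host outside a (constructed) allowlist while exposing local resources. The allowlist, the weights and both sample files are assumptions made for the example.

```python
"""Triage .rdp attachments for rogue-RDP indicators.

Added example (not from the Trend Micro report or from APT29 tooling).
Allowlist, weights and sample files are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Hosts this hypothetical organisation legitimately publishes .rdp files for.
KNOWN_RDP_HOSTS = {"rdp.corp.example", "gateway.corp.example"}

# Settings that expose local resources to the remote side (real mstsc setting
# names; the descriptions and weights are this example's own choice).
RESOURCE_REDIRECTS = {
    "drivestoredirect": "local drives mapped into the session",
    "redirectclipboard": "clipboard shared with the remote host",
    "redirectprinters": "printers redirected",
    "redirectsmartcards": "smart cards redirected",
    "redirectcomports": "COM ports redirected",
    "devicestoredirect": "plug-and-play devices redirected",
}
SUSPICIOUS_THRESHOLD = 4


@dataclass
class RdpVerdict:
    host: str | None
    score: int = 0
    findings: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def decode_rdp(data: bytes) -> str:
    """mstsc saves .rdp files as UTF-16 with a BOM; accept UTF-8 as well."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")


def parse_rdp(text: str) -> dict[str, str]:
    """Parse 'name:type:value' lines into {name: value}.

    The value may itself contain colons (full address:s:host:3389), so each
    line is split at most twice and the type field is dropped.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank line or malformed entry
        name, _type, value = parts
        settings[name.strip().lower()] = value.strip()
    return settings


def _enabled(name: str, value: str) -> bool:
    # drivestoredirect is a string ('*' = all drives, 'C:;D:' = some);
    # the other redirection settings are integer flags where 1 means on.
    if name == "drivestoredirect":
        return value != ""
    return value == "1"


def assess_rdp(text: str, known_hosts: set[str] = KNOWN_RDP_HOSTS) -> RdpVerdict:
    """Score one .rdp file; a higher score is closer to a rogue-RDP profile."""
    s = parse_rdp(text)
    address = s.get("full address", "")
    # 'host:port' or a bare host; bracketed IPv6 is not handled in this example.
    host = address.split(":")[0].lower() or None
    v = RdpVerdict(host=host)

    if host is None:
        v.score += 1
        v.findings.append("no full address: connection target unknown")
    elif host not in known_hosts:
        v.score += 3
        v.findings.append(f"connects to non-allowlisted host {host}")

    for name, desc in RESOURCE_REDIRECTS.items():
        if name in s and _enabled(name, s[name]):
            v.score += 2
            v.findings.append(desc)

    if s.get("remoteapplicationmode") == "1":
        v.score += 1
        v.findings.append("RemoteApp mode: remote program shown as a local window")
    if s.get("authentication level") == "0":
        v.score += 1
        v.findings.append("authentication level 0: server identity not verified")
    return v


# Constructed samples, not real campaign artefacts.
BENIGN_RDP = (
    "full address:s:rdp.corp.example:3389\n"
    "redirectclipboard:i:0\n"
    "drivestoredirect:s:\n"
)
SUSPICIOUS_RDP = (
    "full address:s:203.0.113.10\n"  # TEST-NET-3 documentation address
    "drivestoredirect:s:*\n"
    "redirectclipboard:i:1\n"
    "redirectprinters:i:1\n"
    "redirectsmartcards:i:1\n"
    "remoteapplicationmode:i:1\n"
    "authentication level:i:0\n"
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_RDP), ("suspicious", SUSPICIOUS_RDP)):
        v = assess_rdp(sample)
        print(f"{label}: host={v.host} score={v.score} suspicious={v.suspicious}")
        for finding in v.findings:
            print("  -", finding)
```

In a mail gateway or EDR hook the same `assess_rdp` call would run over the decoded attachment bytes via `decode_rdp`; the score is deliberately simple so that the individual findings, not the number, are what an analyst reads. A file that connects to an unknown host and maps all local drives into the session is exactly the profile that lets an attacker pull data without dropping any malware on the endpoint.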
