Russian Hackers Exploit RDP Proxies for Data Theft
APT29 exploits RDP proxies for sophisticated data theft. The Russian hacking group APT29, also known as “Midnight Blizzard,” is conducting man-in-the-middle (MitM) attacks through a network of 193 Remote Desktop Protocol (RDP) proxy servers to steal sensitive data and install malware. Targeting government, military, and IT sectors across multiple countries, the group uses the PyRDP tool to intercept RDP sessions and execute malicious commands on compromised systems. Recent reports indicate that APT29 tricks victims into connecting to rogue RDP servers via phishing emails, which lets the attackers access the victim's local resources and manipulate files. To evade detection, the group routes its traffic through commercial VPNs, Tor nodes, and residential proxies. The reports stress the need for vigilance against malicious emails and for ensuring that RDP connections are made only to trusted servers.
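One way to enforce the last recommendation on the detection side, as an added example that is not part of the original article: audit outbound connection logs for RDP sessions to hosts outside an allowlist of trusted RDP servers. The log format, the sample lines and the `TRUSTED_RDP_HOSTS` network are all constructed assumptions.

```python
"""Flag outbound RDP sessions to hosts that are not on the trusted-server allowlist.
Added example; assumes simplified firewall log lines of the constructed form
'<timestamp> src=<ip> dst=<ip> dport=<port> proto=tcp action=allow'."""
import ipaddress
import re

RDP_PORT = 3389

# Constructed sample log lines (not real traffic).
SAMPLE_LOGS = """\
2024-10-22T09:14:03Z src=10.0.5.21 dst=10.0.1.10 dport=3389 proto=tcp action=allow
2024-10-22T09:15:47Z src=10.0.5.21 dst=203.0.113.45 dport=3389 proto=tcp action=allow
2024-10-22T09:16:02Z src=10.0.5.22 dst=10.0.1.11 dport=443 proto=tcp action=allow
2024-10-22T09:17:30Z src=10.0.5.23 dst=198.51.100.7 dport=3389 proto=tcp action=allow
"""

# Hypothetical allowlist: the only networks hosting RDP servers users may reach.
TRUSTED_RDP_HOSTS = [ipaddress.ip_network("10.0.1.0/24")]

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "src": m["src"],
            "dst": ipaddress.ip_address(m["dst"]), "dport": int(m["dport"])}


def is_trusted(dst):
    """True if the destination address falls inside an allowlisted network."""
    return any(dst in net for net in TRUSTED_RDP_HOSTS)


def find_untrusted_rdp(log_text):
    """Return (timestamp, src, dst) for every RDP connection to a non-allowlisted host."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dport"] == RDP_PORT and not is_trusted(rec["dst"]):
            hits.append((rec["ts"], rec["src"], str(rec["dst"])))
    return hits


if __name__ == "__main__":
    for ts, src, dst in find_untrusted_rdp(SAMPLE_LOGS):
        print(f"{ts} {src} -> {dst}: RDP session to untrusted host")
```

On the constructed sample, the two sessions to 203.0.113.45 and 198.51.100.7 are flagged while the connections into 10.0.1.0/24 pass.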
