Start your day with intelligence. Get The OODA Daily Pulse.
Microsoft is warning of a new spear-phishing campaign by threat actor Midnight Blizzard. The group is sponsored by the Russian state. The attacks are using RDP files, which is new for this threat group. Microsoft stated that the operation is targeting thousands of users in over 100 organizations in government, defense, academia, and other sectors. It is likely that Midnight Blizzard is aiming to collect intelligence for the Russian government. The group is also commonly known as APT29 and Cozy Bear, and additionally recently targeted Microsoft systems. The spear-phishing emails are sometimes impersonating Microsoft employees, and Microsoft has been tracking the campaign for the past week.