216.73.217.98

Malicious RDP Files Identified in Latest Attack on Ukrainian Entities

· Published 26/10/2024 07:55 · Modified 28/10/2024 12:55

Export JSON

Essential information

Published
26/10/2024 07:55
Modified
28/10/2024 12:55
Tags
2024-10-26 apt28 aws cert-ua domain seizure homesteel phishing rdp uac-0215 uac-0218 ukraine
Related entities
1 intrusion sets (apt), 20 techniques (mitre), 1 malware, 5 others

Description

has uncovered a new malicious email campaign targeting Ukrainian government agencies, enterprises, and military entities. The campaign uses configuration files to establish remote connections, enabling data theft and further malware deployment. Attributed to and linked to APT29, the operation exploits popular services like Amazon and Microsoft. Infrastructure preparation began in August 2024, with potential to spread beyond . Amazon has seized impersonating domains to neutralize the threat. also warned of other attacks, including a large-scale operation stealing confidential information () and a ClickFix-style campaign possibly linked to .

External references