“The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust,” the statement added.
This method, while consistent with Midnight Blizzard’s previous tactics, represents a new approach in how the group attempts to compromise its targets. By abusing a legitimate tool such as RDP, the attackers can slip past conventional security controls and install malware or maintain persistent access to compromised systems through remote access trojans (RATs).
A longstanding espionage threat
Midnight Blizzard has been linked to espionage activities dating back to 2018, primarily targeting governments, NGOs, and IT service providers in the US and Europe. Its operations typically involve a range of sophisticated techniques, including spear-phishing, stolen credentials, and supply chain attacks. The group has been known to compromise authentication mechanisms within organizations, making it difficult to detect its presence until significant damage has been done.