news
Windows TCO Leftovers
-
Google ☛ Windows Remote Desktop Protocol: Remote to Rogue
In October 2024, Google Threat Intelligence Group (GTIG) observed a novel phishing campaign targeting European government and military organizations that was attributed to a suspected Russia-nexus espionage actor we track as UNC5837. The campaign employed signed .rdp file attachments to establish Remote Desktop Protocol (RDP) connections from victims' machines. Unlike typical RDP attacks focused on interactive sessions, this campaign creatively leveraged resource redirection (mapping victim file systems to the attacker servers) and RemoteApps (presenting attacker-controlled applications to victims). Evidence suggests this campaign may have involved the use of an RDP proxy tool like PyRDP to automate malicious activities like file exfiltration and clipboard capture. This technique has previously been dubbed “Rogue RDP.”
-
Cyble Inc ☛ CISA, NSA, FBI Issue Fast Flux Cybersecurity Advisory
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international cybersecurity partners, has issued an urgent advisory titled “Fast Flux: A National Security Threat.” The advisory highlights the growing use of fast flux techniques by cybercriminals and potentially nation-state actors to evade detection and establish highly resilient and stealthy infrastructure for malicious activities.
-
CS Monitor ☛ US cybersecurity concerns are rising, with China topping the list
The chair of the House Committee on Homeland Security named cybersecurity a “top priority” earlier this year. Former FBI Director Christopher Wray has called Chinese hacks the “defining threat of our generation.”
-
Security Week ☛ Port of Seattle Says 90,000 People Impacted by Ransomware Attack
According to the Port, 90,000 individuals were affected, most of whom are “current and former Port and other airport employees and contractors.” Roughly 71,000 of the impacted people live in Washington state.
-
Hacker News ☛ Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware [Ed: In Windows, click means execute (or open, then execute anything)]
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials.