Midnight Blizzard, an advanced persistent threat group sponsored by the Russian government, has launched a large-scale spear-phishing attack targeting governments, military organizations, and academic researchers in the West.
The group used red-team methodologies and anonymization tools to exfiltrate sensitive data from its targets' IT infrastructure.
The attack relied on rogue Remote Desktop Protocol (RDP) connections and a Python-based tool called PyRDP, with approximately 200 high-profile victims targeted in a single day.
The victims included government and military organizations, think tanks, academic researchers, and entities associated with the Ukrainian government and the Netherlands' Ministry of Foreign Affairs.