Russia-linked APT29 group used red team tools in rogue RDP attacksAPT29 group used malicious RDP configuration files in phishing emails to compromise systemsTargets lacked RDP connection restrictions allowing rogue RDP attacksAPT29 group heavily used anonymization layers like VPNs and TOR for the attacks