CyberSecurity updates
2025-02-23 01:32:19 Pacific

HPE Data Breach from Russian State-Sponsored Hackers - 14d

Hewlett Packard Enterprise (HPE) experienced a data breach in May 2023, attributed to the Russian state-sponsored hacking group Midnight Blizzard (also known as Cozy Bear or APT29). The breach involved HPE's Office 365 email environment and was confirmed in December 2023. It compromised employee data and was contained after its discovery.

Earth Koshchei RDP Attacks Exploit Red Team - 4d

Earth Koshchei, also known as APT29 and Midnight Blizzard, is leveraging red team tools and techniques to compromise RDP servers. The attack methodology combines an RDP relay, rogue RDP servers and malicious RDP configuration files, and routes traffic through VPNs, Tor and residential proxies, which makes detection and mitigation difficult. This sophisticated campaign targets governments, armed forces, think tanks, academic researchers, and Ukrainian entities, leading to potential data leakage and malware installation. The APT group uses spear-phishing emails containing malicious RDP configuration files that redirect traffic to 193 RDP relays.