Microsoft confirms US government officials are being targeted by notorious hackers

Microsoft has confirmed that Russian threat actor Midnight Blizzard is carrying out a wave of attacks targeting US government officials.

Tech and Science Editor
TL;DR: Microsoft has reported that the Russian government-backed hacking group Midnight Blizzard is targeting US government officials and other sectors with spear-phishing emails. These emails contain a signed Remote Desktop Protocol (RDP) configuration file that connects to a server controlled by the hackers, potentially exposing sensitive information and allowing malware installation.

Microsoft has taken to its security blog to shine a light on the company's recent observations in the cybersecurity space, and according to the Redmond company, a known hacking group is now going after US government officials in a series of highly targeted spear-phishing email waves.

Malicious remote connection

According to Microsoft, the hacking group is the Russian government-backed threat actor Midnight Blizzard, which has been on Microsoft's radar since October 22, 2024. Microsoft Threat Intelligence is quite familiar with Midnight Blizzard, as the hacking group targeted Microsoft servers on January 12, 2024; those servers ended up compromised, and Midnight Blizzard gained access to federal government email accounts, Microsoft's corporate email accounts, and more.

At the time, Microsoft described these attacks by Midnight Blizzard as a "sustained, significant commitment of the threat actor's resources, coordination, and focus." Now, Microsoft has put out a new warning that Midnight Blizzard is sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. Microsoft writes this activity is ongoing, and the likely goal of this operation is to collect intelligence.

As for specifics, Microsoft is attempting to thwart the spear-phishing campaign by revealing what individuals can look out for. According to the blog post, the spear-phishing emails in the campaign, which were sent to thousands of targets across hundreds of organizations, contained a "signed Remote Desktop Protocol (RDP) configuration file." This file enabled a connection to the Midnight Blizzard-controlled server.

"In this campaign, the malicious .RDP attachment contained several sensitive settings that would lead to significant information exposure. Once the target system was compromised, it connected to the actor-controlled server and bidirectionally mapped the targeted user's local device's resources to the server. Resources sent to the server may include, but are not limited to, all logical hard disks, clipboard contents, printers, connected peripheral devices, audio, and authentication features and facilities of the Windows operating system, including smart cards.

This access could enable the threat actor to install malware on the target's local drive(s) and mapped network share(s), particularly in AutoStart folders, or install additional tools such as remote access trojans (RATs) to maintain access when the RDP session is closed. The process of establishing an RDP connection to the actor-controlled system may also expose the credentials of the user signed in to the target system," warned Microsoft.
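The redirection settings Microsoft describes sit in an .RDP file as plain `name:type:value` lines, so an attachment can be triaged before anyone opens it. The following Python is an added example, not code from Microsoft or the original article; the setting names are standard .rdp properties, while the sample file, its host name and the `.corp.example` internal suffix are constructed assumptions.

```python
import ipaddress

# .rdp setting name -> local resource it maps into the remote session
RISKY = {
    "drivestoredirect": "local drives",
    "devicestoredirect": "peripheral devices",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectwebauthn": "WebAuthn authenticators",
    "audiocapturemode": "audio capture",
}

def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines; .rdp files are often UTF-16 with a BOM."""
    text = raw.decode("utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig")
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = (parts[1], parts[2].strip())
    return settings

def is_external(host: str, internal_suffixes) -> bool:
    """True unless host is a private/loopback IP or ends in an allowed suffix."""
    try:
        ip = ipaddress.ip_address(host)
        return not (ip.is_private or ip.is_loopback)
    except ValueError:
        return not host.lower().endswith(tuple(internal_suffixes))

def triage(raw: bytes, internal_suffixes=(".corp.example",)) -> dict:
    s = parse_rdp(raw)
    address = s.get("full address", ("s", ""))[1]
    host = address.rsplit(":", 1)[0] if address.count(":") == 1 else address
    exposed = [what for name, what in RISKY.items()
               if name in s and s[name][1] not in ("", "0")]
    external = is_external(host, internal_suffixes)
    verdict = "block" if external and exposed else "review" if external or exposed else "allow"
    # A signature only names the publisher; it is reported, never used to relax the verdict.
    return {"host": host, "external": external, "signed": "signature" in s,
            "exposed": exposed, "verdict": verdict}

# Constructed sample (not taken from the campaign); the host is a placeholder.
SAMPLE = ("full address:s:rdp.attacker.example:3389\r\n"
          "drivestoredirect:s:*\r\nredirectclipboard:i:1\r\n"
          "redirectprinters:i:0\r\nredirectsmartcards:i:1\r\n"
          "signature:s:PLACEHOLDER\r\n").encode("utf-16")
```

Calling `triage(SAMPLE)` returns a `block` verdict even though the file is signed, because it points at an external host and maps drives, clipboard and smart cards.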


Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.