Russian state-backed threat group APT29, also known as Midnight Blizzard, BlueBravo, Cozy Bear, and Nobelium, has abused red team tooling built around the Remote Desktop Protocol (RDP) to run a far-reaching cyberespionage campaign against Ukrainian and European governments, armed forces, researchers, and think tanks beginning in October, reports The Record, a news site by cybersecurity firm Recorded Future.
After registering over 200 domains tied to high-profile targets between August and October, APT29 used the open-source PyRDP tool to reach into targeted file systems: victims were sent a malicious RDP configuration file that, by relying on built-in system tools and processes, let the attackers covertly exfiltrate configuration files, credentials, and other sensitive data, an analysis from Trend Micro revealed.
Abusing red team toolkits in this way has let the group put more of its effort into social engineering the targeted entities, according to researchers.
"It helps them ensure they can extract the maximum amount of data and information from their targets in the shortest time," researchers added.
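As an added defensive example, not code from the article or from Trend Micro's analysis, the script below parses the Windows `.rdp` configuration format and flags the settings that hand an attacker-controlled RDP server reach into the connecting machine (drive, clipboard and printer redirection, RemoteApp launch, and disabled certificate checks). The sample file and its hostname are constructed, and which of these settings the campaign's files actually used is an assumption.

```python
from typing import Dict, List, Tuple

# Constructed sample .rdp file (not from the campaign). The format is one
# "name:type:value" setting per line; type "s" is a string, "i" an integer.
SAMPLE_RDP = """\
full address:s:rdp.example-placeholder.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
remoteapplicationmode:i:1
remoteapplicationprogram:s:||PlaceholderApp
authentication level:i:0
"""

# Settings that give the RDP *server* reach into the client. For most, any
# value other than empty or 0 enables the feature; "authentication level"
# is risky only when it is 0 (connect even if the server certificate fails).
RISKY_SETTINGS = {
    "drivestoredirect": "local drives are mapped into the remote session",
    "redirectclipboard": "clipboard contents are shared with the remote host",
    "redirectprinters": "local printers are exposed to the remote host",
    "remoteapplicationmode": "RemoteApp mode: a server-chosen program runs at logon",
    "authentication level": "server certificate errors are ignored",
}


def parse_rdp(text: str) -> Dict[str, str]:
    """Parse .rdp text into {setting_name: value}; malformed lines are skipped."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split(":", 2)  # the value may itself contain ':' (host:port)
        if len(parts) != 3:
            continue
        name, _type, value = parts
        settings[name.strip().lower()] = value.strip()
    return settings


def risky_settings(text: str) -> List[Tuple[str, str, str]]:
    """Return (setting, value, reason) for every enabled risky setting."""
    settings = parse_rdp(text)
    findings: List[Tuple[str, str, str]] = []
    for name, reason in RISKY_SETTINGS.items():
        value = settings.get(name)
        if value is None:
            continue
        enabled = value == "0" if name == "authentication level" else value not in ("", "0")
        if enabled:
            findings.append((name, value, reason))
    return findings


if __name__ == "__main__":
    for name, value, reason in risky_settings(SAMPLE_RDP):
        print(f"{name}={value}: {reason}")
    print("connects to:", parse_rdp(SAMPLE_RDP).get("full address"))
```

Running it over `.rdp` attachments quarantined from mail, or over files written under a user's profile, surfaces the target host alongside every redirection setting so an analyst can decide whether the file is a legitimate remote-access shortcut.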