Russia’s APT29 Launches Major Spear Phishing Campaign



Trend Micro warns that the Russian state-sponsored threat actor Earth Koshchei (also known as “APT29” or “Cozy Bear”) is using spear phishing emails to trick victims into connecting to rogue Remote Desktop Protocol (RDP) relays.

“Earth Koshchei’s rogue RDP campaign reached its peak on October 22, when spear-phishing emails were sent to governments and armed forces, think tanks, academic researchers, and Ukrainian targets,” Trend Micro explains.

“These emails were designed to deceive recipients into using a rogue RDP configuration file attached to the message. When opened, this RDP configuration file would instruct the target computer to try to connect to a foreign RDP server through one of the 193 RDP relays Earth Koshchei had set up.”
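The attachment at the centre of this campaign is an ordinary Remote Desktop connection file: a text file of `key:type:value` lines that mstsc.exe reads, where `full address` names the server and a family of `redirect*` and `*storedirect` keys decide which local resources (drives, clipboard, smart cards, printers) the remote server is allowed to reach. The following is an added example, not code from the original post or from Trend Micro, showing how a mail-gateway or SOC script can parse an `.rdp` attachment and flag one that points at a host outside your own RDP gateways or turns on device redirection. The sample file is constructed, its hostnames are placeholders (reserved `.invalid`/`example.com` names, not campaign indicators), and the trusted-domain list is an assumption standing in for your environment.

```python
"""Parse and triage Remote Desktop (.rdp) connection files.

Added example, not code from the original post or from Trend Micro. The
sample file below is constructed, every hostname in it is hypothetical, and
TRUSTED_SUFFIXES is an assumption standing in for your own RDP gateways.
"""
import re

# Constructed sample: points at an external host and turns on device redirection.
SAMPLE_RDP = """\
screen mode id:i:2
full address:s:rdp-relay.example.invalid:3389
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
drivestoredirect:s:*
devicestoredirect:s:*
remoteapplicationmode:i:1
remoteapplicationprogram:s:||MeetingClient
authentication level:i:0
prompt for credentials:i:0
"""

# RDP endpoints users are allowed to reach (assumption; replace with your own).
TRUSTED_SUFFIXES = ("corp.example.com", "rdgateway.example.com")

# .rdp keys that, when enabled, hand the remote server access to local resources.
REDIRECTION_KEYS = {
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "drivestoredirect": "local drives",
    "devicestoredirect": "plug-and-play devices",
    "redirectwebauthn": "WebAuthn / Windows Hello",
}

# Each line is key:type:value; type is s (string), i (integer) or b (binary blob).
LINE_RE = re.compile(r"^(?P<key>[^:]+):(?P<type>[sib]):(?P<value>.*)$")


def parse_rdp(text):
    """Return a dict of lower-cased key -> value (ints for ':i:' entries)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip("\ufeff \t\r")  # mstsc writes a UTF-16/BOM file; tolerate it
        m = LINE_RE.match(line) if line else None
        if not m:
            continue
        key = m.group("key").strip().lower()
        value = m.group("value").strip()
        if m.group("type") == "i" and value.lstrip("-").isdigit():
            value = int(value)
        settings[key] = value
    return settings


def rdp_target_host(settings):
    """Host part of 'full address:s:host[:port]'; IPv6 literals are bracketed."""
    addr = str(settings.get("full address", ""))
    if addr.startswith("[") and "]" in addr:
        return addr[1:addr.find("]")].lower()
    return addr.split(":", 1)[0].lower()


def is_trusted_host(host, trusted=TRUSTED_SUFFIXES):
    return any(host == s or host.endswith("." + s) for s in trusted)


def triage_rdp(text, trusted=TRUSTED_SUFFIXES):
    """Return a list of findings for one .rdp file; empty means nothing suspicious."""
    s = parse_rdp(text)
    findings = []
    host = rdp_target_host(s)
    if not host:
        findings.append("no 'full address' set")
    elif not is_trusted_host(host, trusted):
        findings.append(f"connects to untrusted host {host}")
    redirected = [name for key, name in REDIRECTION_KEYS.items()
                  if s.get(key) not in (None, 0, "", "0")]
    if redirected:
        findings.append("redirects " + ", ".join(redirected) + " to the remote server")
    if s.get("remoteapplicationmode") == 1:
        findings.append(f"RemoteApp mode, program {s.get('remoteapplicationprogram', '?')!r}")
    if s.get("authentication level") == 0:
        findings.append("server authentication disabled (authentication level 0)")
    return findings


if __name__ == "__main__":
    for finding in triage_rdp(SAMPLE_RDP):
        print("-", finding)
```

The page does not describe the contents of the campaign's files beyond their pointing at the relay servers, so the redirection and RemoteApp checks are general `.rdp` hardening rather than campaign indicators; they matter because an attacker-controlled RDP server gains whatever the file redirects to it. The same rule set can back a gateway policy that quarantines `.rdp` attachments outright, which for most organisations is the simpler control.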

Trend Micro emphasizes that the scale of this spear phishing campaign dwarfed similar operations launched by other APT groups.

“The scale of the RDP campaign was huge: The number of high-profile targets – about 200 – we saw in one day was about the same size as another APT group like Pawn Storm targets in weeks,” the researchers write. “This was not the first time Earth Koshchei was linked to a massive spear-phishing campaign: In May 2021, they also sent spear-phishing emails to thousands of individual accounts.”

The threat actor registered more than 200 phishing domains in preparation for the campaign, and sent the spear phishing emails from legitimate but compromised email servers. 

“In August 2024, the registered domain names suggested targeting against governments and military in Europe, the US, Japan, Ukraine, and Australia,” the researchers write. “At the end of this month, domain names were registered that look to be related to cloud providers and IT companies. Then, in September 2024, there were batches of domain names that appeared to be based on several think tanks and non-profit organizations. There were also several domain names related to online virtual platforms like Zoom, Google Meet, and Microsoft Teams.”


Trend Micro has the story.

