Russian hackers Midnight Blizzard poses as Microsoft employees to attack US officials

Midnight Blizzard is responsible for the SolarWinds attack.

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • Microsoft warns that Russian hackers are targeting US officials with spear-phishing emails ahead of the election.
  • The group impersonated Microsoft employees and sent malicious emails to thousands of targets.
  • This campaign is part of a broader Russian effort to spread disinformation related to the elections.
US elections 2024

Microsoft has warned of a new spear-phishing campaign by Midnight Blizzard, a Russian-linked hacker group also known as Cozy Bear or APT29, responsible for the 2020 SolarWinds breach and last year’s attack on TeamCity servers.

The Redmond tech giant says in a recent blog post that the group has been targeting US officials just before the US presidential election. Since October 22, the group has sent targeted spear-phishing emails to over 100 organizations worldwide, including the US, European, Australian, and Japanese sectors in government, academia, and defense.

“Its focus is to collect intelligence through longstanding and dedicated espionage of foreign interests that can be traced to early 2018,” Microsoft warns about the group.

These emails, which use stolen organizational credentials and impersonate Microsoft and Amazon Web Services employees, contain Remote Desktop Protocol (RDP) files that give hackers access to sensitive files, network drives, and security keys. They contain remote desktop files connecting to hacker-controlled services.

The group has a link to Russia’s Foreign Intelligence Service, according to Microsoft. The US intelligence has previously reported that Russia is spreading disinformation about Democratic Vice-Presidential candidate Tim Walz (via The Washington Post), likely to instigate unrest and threats against election workers.

“It uses diverse initial access methods, including spear phishing, stolen credentials, supply chain attacks, compromise of on-premises environments to laterally move to the cloud, and leveraging service providers’ trust chain to gain access to downstream customers,” the Redmond company says further.

Brad Smith, Microsoft exec, has previously urged Congress to pass federal laws to regulate AI-generated deepfakes and deceptive ads ahead of the 2024 US elections. But, Congress will unlikely be enacting new AI regulations this year.

User forum

0 messages