CISA released an alert last week regarding a “foreign threat actor conducting a large-scale spear-phishing campaign with RDP attachments.” The threat actors seem to be targeting those in IT and government sectors.
“The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s network. Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA states.
Here is a link to the CISA alert, which contains mitigation recommendations.