Recent trick related to .RDP files used by the SVR 🇷🇺 is worth threat hunting for. Basically they're doing what this @BHinfoSecurity blog demoed in 2022: https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/

Reports:
1. https://cert.gov.ua/article/6281076
2. https://aws.amazon.com/blogs/security/amazon-identified-internet-domains-abused-by-apt29/
3. https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/
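For the "threat hunting" part: .rdp files are plain text (one `setting:type:value` per line), so the settings that hand local resources to the remote host can be checked automatically. The hunt helper below is an added example, not code from the post or from any of the linked reports; the watch-list of settings and the sample .rdp content are my own constructed choices (host name is a placeholder), and the list is not meant to be exhaustive.

```python
"""Hunt helper: parse a .rdp file and flag resource-redirection settings.

Added example (not from the original post or the linked reports). The sample
file below is constructed for illustration; the host name is a placeholder.
"""
import re
from typing import Dict, List, Tuple

# .rdp files are line-oriented: "<setting>:<type>:<value>", where type is
# s (string), i (integer) or b (binary hex). Setting names are case-insensitive
# and may contain spaces (e.g. "full address").
_LINE = re.compile(r"^\s*([^:]+):([sib]):(.*)$", re.IGNORECASE)

# Settings that expose local resources or hide what the user is connecting to.
# Assumption: this watch-list is a hunting choice, not a complete reference.
REDIRECT_SETTINGS = {
    "drivestoredirect": "local drives mapped into the remote session",
    "redirectclipboard": "clipboard shared with the remote host",
    "redirectprinters": "printers redirected",
    "redirectsmartcards": "smart cards redirected",
    "redirectcomports": "COM ports redirected",
    "devicestoredirect": "plug-and-play devices redirected",
    "redirectwebauthn": "WebAuthn (FIDO) requests forwarded to remote host",
    "remoteapplicationmode": "RemoteApp mode (full remote desktop hidden from user)",
}


def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Return {setting_lowercase: (type, value)} for every well-formed line."""
    settings: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            key, typ, val = m.groups()
            settings[key.strip().lower()] = (typ.lower(), val.strip())
    return settings


def _enabled(typ: str, val: str) -> bool:
    """Integer settings are on when non-zero; string settings when non-empty
    (drivestoredirect:s:* means 'all drives')."""
    if typ == "i":
        return val.isdigit() and int(val) != 0
    return val != ""


def assess_rdp(text: str) -> List[str]:
    """Return one human-readable finding per risky setting that is enabled."""
    settings = parse_rdp(text)
    findings: List[str] = []
    for key, why in REDIRECT_SETTINGS.items():
        if key in settings:
            typ, val = settings[key]
            if _enabled(typ, val):
                findings.append(f"{key}={val}: {why}")
    # authentication level 0 connects even when the server certificate fails
    # validation, so the user gets no warning about an unexpected host.
    if settings.get("authentication level", ("i", "2"))[1] == "0":
        findings.append("authentication level=0: server certificate warnings suppressed")
    return findings


# Constructed sample: what a resource-redirecting .rdp file looks like.
SAMPLE_RDP = """\
full address:s:rdp.example.invalid
screen mode id:i:2
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:0
remoteapplicationmode:i:1
authentication level:i:0
"""

if __name__ == "__main__":
    for finding in assess_rdp(SAMPLE_RDP):
        print("[!]", finding)
```

Point it at .rdp attachments pulled from mail quarantine or from user download folders; a file that maps all drives (`drivestoredirect:s:*`) to a host nobody in the org recognises is the thing to escalate.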