European Military & Government Data Networks Targeted

Uploaded on 2025-04-23 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--Europe, GOVERNMENT-Defence, FREE TO VIEW

A Russian threat group is using sophisticated phishing methods to attack European governments and military data networks using Remote Desktop Protocol (RDP) to compromise systems.  

The attack, identified by Google’s Threat Intelligence Group (GTIG) as UNC5837, exploits two lesser-known RDP features: resource redirection and RemoteApps. RemoteApps is a virtual application solution that allows users to run Windows-based applications regardless of what operating system they are using.

While RDP is often used for legitimate remote connections, this campaign bypasses typical RDP takeover techniques. Instead of visibly hijacking screens, the attackers quietly access the victim’s data through these advanced features. RDP’s resource redirection allows attackers to map files from the compromised system directly to their own servers. RemoteApps lets them run an attacker-controlled application that appears as a normal program on the victim’s screen, concealing the malicious activity. 

This method provides the attackers with unrestricted access to sensitive files, clipboard data (which may contain passwords or other credentials), and even live inputs from the victim’s system.

The phishing element of the attack is equally insidious. Victims receive emails that appear to be from a legitimate collaboration between Amazon, Microsoft, and the Ukrainian government.  These emails contain a seemingly benign attachment labelled “AWS Secure Storage Connection Stability Test.” 

In reality, the attachment, is an .rdp file signed with a valid Let’s Encrypt certificate, which causes the victim’s system to launch an outbound RDP session to a remote server controlled by the attackers. 

Once the .rdp file is opened, the attackers are granted direct access to the victim’s system without triggering firewall alerts. This allows them to silently monitor activities, steal sensitive information, and even control system peripherals like printers and audio devices.

Research suggests that RDP-based intrusions are increasingly being linked to ransomware attacks and other malicious activities.

Google says that these phishing attacks are part of a broader trend used by the Russian cyber groups targeting organisations across critical sectors and highlights the growing threat posed by Advanced Persistent Threats (APTs).

This delivers a clear warning that organisations must implement stronger security measures to guard against such highly effective cyber attacks.

Google   |   Google   |  I-HLS   |   Techradar  |   Secrurity Affairs  | 

 Image: Ideogram

You Might Also Read: 

President Trump Says Russia Is Not A Cyber Threat:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Chinese Hackers Undertaking A Global Infiltration Campaign 
Quantum Computing Utility Will Be Achieved Within A Decade »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

CyberWarrior

CyberWarrior

CyberWarrior deliver training and consulting for some of the world’s top brands and also partner with national systems integrators to augment their teams with our expertise.

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

GLESEC

GLESEC

GLESEC offer a complete range of Cyber Security services from Operations & Intelligence Services to Auditing & Compliance and Simulation and Training.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

Digital Craftsmen Ltd

Digital Craftsmen Ltd

We're ISO27001 & Cyber Essentials Cybersecurity experts, delivering full cloud security and managed services. We take a bespoke approach for each client from hosting, optimising & securing them online

AML Global Solutions (AMLGS)

AML Global Solutions (AMLGS)

AMLGS delivers Financial Crime prevention training programmes and consultancy services encompassing Anti-Money Laundering (AML), Counter Terrorism Financing (CTF), Bribery & Corruption and Fraud.

CyberconIQ

CyberconIQ

CyberconIQ provide an integrated Human Defense Platform that reduces the probability and/or the cost of a cybersecurity breach by measurably improving our clients risk posture and compliance culture.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

Intelequia

Intelequia

Intelequia SOC is the Security Operations Center your company needs. 24x7 monitoring, protection and automated response to cyber threats.

Xcelerate Solutions

Xcelerate Solutions

Xcelerate Solutions is a leading defense and national security company, providing integrated solutions in three service areas – Enterprise Security, Digital Transformation, and Strategic Consulting.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.

SydeLabs

SydeLabs

At SydeLabs, our mission is to ensure the comprehensive security of your AI systems.

National Cybersecurity Agency (ANCI) - Chile

National Cybersecurity Agency (ANCI) - Chile

ANCI (Agencia Nacional de Ciberseguridad) is the National Cybersecurity Agency of Chile.