European Military & Government Data Networks Targeted

Uploaded on 2025-04-23 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--Europe, GOVERNMENT-Defence, FREE TO VIEW

A Russian threat group is using sophisticated phishing methods to attack European governments and military data networks using Remote Desktop Protocol (RDP) to compromise systems.  

The attack, identified by Google’s Threat Intelligence Group (GTIG) as UNC5837, exploits two lesser-known RDP features: resource redirection and RemoteApps. RemoteApps is a virtual application solution that allows users to run Windows-based applications regardless of what operating system they are using.

While RDP is often used for legitimate remote connections, this campaign bypasses typical RDP takeover techniques. Instead of visibly hijacking screens, the attackers quietly access the victim’s data through these advanced features. RDP’s resource redirection allows attackers to map files from the compromised system directly to their own servers. RemoteApps lets them run an attacker-controlled application that appears as a normal program on the victim’s screen, concealing the malicious activity. 

This method provides the attackers with unrestricted access to sensitive files, clipboard data (which may contain passwords or other credentials), and even live inputs from the victim’s system.

The phishing element of the attack is equally insidious. Victims receive emails that appear to be from a legitimate collaboration between Amazon, Microsoft, and the Ukrainian government.  These emails contain a seemingly benign attachment labelled “AWS Secure Storage Connection Stability Test.” 

In reality, the attachment, is an .rdp file signed with a valid Let’s Encrypt certificate, which causes the victim’s system to launch an outbound RDP session to a remote server controlled by the attackers. 

Once the .rdp file is opened, the attackers are granted direct access to the victim’s system without triggering firewall alerts. This allows them to silently monitor activities, steal sensitive information, and even control system peripherals like printers and audio devices.

Research suggests that RDP-based intrusions are increasingly being linked to ransomware attacks and other malicious activities.

Google says that these phishing attacks are part of a broader trend used by the Russian cyber groups targeting organisations across critical sectors and highlights the growing threat posed by Advanced Persistent Threats (APTs).

This delivers a clear warning that organisations must implement stronger security measures to guard against such highly effective cyber attacks.

Google   |   Google   |  I-HLS   |   Techradar  |   Secrurity Affairs  | 

 Image: Ideogram

You Might Also Read: 

President Trump Says Russia Is Not A Cyber Threat:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Chinese Hackers Undertaking A Global Infiltration Campaign 
Quantum Computing Utility Will Be Achieved Within A Decade »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Qualitèsoft Technology

Qualitèsoft Technology

Qualitèsoft Technology is a leading Software Development and Quality Assurance organization. We specialize in Custom Development, Mobile Application, Software Testing and Quality Assurance.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

BA-CSIRT

BA-CSIRT

BA-CSIRT is a center which is dedicated to assist and raise awareness among citizens and the Government of the City of Buenos Aires in everything related to information security.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

CACI International

CACI International

CACI is at the forefront of developing and delivering technological breakthroughs that transform and optimize government operations.

Naq Cyber

Naq Cyber

Naq is the number one platform for SMEs looking to become legally compliant and protect against cybercrime and other data-related incidents.

Ankura Consulting Group

Ankura Consulting Group

Ankura is a global expert services and advisory firm that delivers services and end-to-end solutions in a wide range of areas including cybersecurity and digital transformation.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

Strac

Strac

Eliminate Personal Data Risks from your business. Our Dataless SaaS removes the need to manage sensitive data across web, mobile apps, servers and communication channels.

TriCIS

TriCIS

TriCIS design and engineer highly secure integrated solutions that meet the highest government and military security standards, providing information assurance to organisations across the globe.

OneZero Solutions

OneZero Solutions

OneZero specialize in cybersecurity operations, information assurance, computer network operations, solutions engineering, and project management.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.

Digital Encode

Digital Encode

Digital Encode is a leading consulting and integration firm that specializes in the design, management, and security of business-critical networks, telecommunications, and IT infrastructures.