European Military & Government Data Networks Targeted

A Russian threat group is using sophisticated phishing to attack European government and military data networks, abusing Remote Desktop Protocol (RDP) to compromise systems.

The campaign, attributed by Google’s Threat Intelligence Group (GTIG) to a group it tracks as UNC5837, exploits two lesser-known RDP features: resource redirection and RemoteApps. RemoteApps is a virtual application feature that lets users run individual Windows applications as if they were local programs, regardless of the operating system they are using.

While RDP is often used for legitimate remote connections, this campaign departs from typical RDP takeover techniques. Instead of visibly hijacking screens, the attackers quietly access the victim’s data through these two features. RDP’s resource redirection exposes the victim’s local drives to the attacker-controlled server, so files can be read and copied from the compromised system directly. RemoteApps lets the attackers run an application of their choosing on their own server while it appears on the victim’s screen as a normal program, concealing the malicious activity.

This method provides the attackers with unrestricted access to sensitive files, clipboard data (which may contain passwords or other credentials), and even live inputs from the victim’s system.

The phishing element of the attack is equally insidious. Victims receive emails that appear to come from a legitimate collaboration between Amazon, Microsoft, and the Ukrainian government. These emails carry a seemingly benign attachment labelled “AWS Secure Storage Connection Stability Test.”

In reality, the attachment is an .rdp file signed with a valid Let’s Encrypt certificate; opening it causes the victim’s system to launch an outbound RDP session to a remote server controlled by the attackers.

Once the .rdp file is opened, the attackers are granted direct access to the victim’s system without triggering firewall alerts. This allows them to silently monitor activities, steal sensitive information, and even control system peripherals like printers and audio devices.
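As an added illustration of the defender’s side of this (example code written for this page, not Google’s, GTIG’s, or Microsoft’s tooling), the following script triages an .rdp attachment before anyone opens it. It parses the file’s `name:type:value` lines and flags the settings the article describes being abused: an outbound connection target, drive, clipboard, printer and microphone redirection, and RemoteApp mode. The .rdp setting names used are the standard ones written by the Windows Remote Desktop client; the sample file content, the hostname `rdp.example.invalid`, the RemoteApp alias and the signature blob are all constructed placeholders, and the scoring is a simple finding count chosen here rather than any vendor’s rule.

```python
"""Triage helper for suspicious .rdp attachments (added example, not the
article's or any vendor's code). Sample input below is constructed."""

import re
from typing import Callable, Dict, List, Tuple

# .rdp files are line-oriented "name:type:value" records; the type letter is
# s (string), i (integer) or b (binary). Setting names may contain spaces.
_LINE_RE = re.compile(r"^(?P<name>[^:]+):(?P<type>[sib]):(?P<value>.*)$")


def decode_rdp(data: bytes) -> str:
    """mstsc saves .rdp files as UTF-16 with a BOM; hand-written ones are
    usually UTF-8. Pick the decoding from the BOM."""
    if data.startswith(b"\xff\xfe") or data.startswith(b"\xfe\xff"):
        return data.decode("utf-16")  # the utf-16 codec consumes the BOM
    return data.decode("utf-8", errors="replace").lstrip("\ufeff")


def parse_rdp(text: str) -> Dict[str, str]:
    """Map lower-cased setting name -> raw value; malformed lines are skipped."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if m:
            settings[m.group("name").strip().lower()] = m.group("value").strip()
    return settings


# Settings that hand local resources to the remote host, with the predicate
# that means "enabled". "drivestoredirect:s:*" shares every local drive.
_RISKY: List[Tuple[str, Callable[[str], bool], str]] = [
    ("drivestoredirect", lambda v: v != "", "local drives are redirected to the remote server"),
    ("redirectclipboard", lambda v: v == "1", "clipboard contents are shared with the remote server"),
    ("redirectprinters", lambda v: v == "1", "local printers are exposed to the remote server"),
    ("devicestoredirect", lambda v: v != "", "plug-and-play devices are redirected"),
    ("redirectsmartcards", lambda v: v == "1", "smart cards are redirected"),
    ("audiocapturemode", lambda v: v == "1", "microphone input is sent to the remote server"),
    ("remoteapplicationmode", lambda v: v == "1", "RemoteApp mode: a server-side program is shown as a local window"),
]


def triage_rdp(text: str) -> Tuple[int, List[str]]:
    """Return (score, findings). The score is just the number of findings;
    an external target combined with redirection or RemoteApp mode is the
    pattern the article describes, so anything above 1 deserves a look."""
    s = parse_rdp(text)
    findings: List[str] = []
    target = s.get("full address", "")
    if target:
        findings.append(f"connects outbound to {target}")
    for name, is_on, why in _RISKY:
        if name in s and is_on(s[name]):
            findings.append(f"{name}={s[name]}: {why}")
    if "remoteapplicationprogram" in s:
        findings.append(f"RemoteApp program: {s['remoteapplicationprogram']}")
    if "signature" in s:
        # rdpsign.exe adds signscope/signature lines; a valid signature only
        # proves who signed the file, not that the destination is trustworthy.
        findings.append("file carries an embedded signature (signscope/signature)")
    return len(findings), findings


# Constructed sample modelled on the attachment described in the article.
SAMPLE_RDP = """\
full address:s:rdp.example.invalid
remoteapplicationmode:i:1
remoteapplicationname:s:AWS Secure Storage Connection Stability Test
remoteapplicationprogram:s:||ConstructedAlias
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
audiocapturemode:i:1
signscope:s:Full Address,Remote Application Mode
signature:s:PLACEHOLDER_SIGNATURE_BLOB
"""

# Constructed benign file: internal jump host, no redirection.
BENIGN_RDP = """\
full address:s:ts.corp.example.invalid
drivestoredirect:s:
redirectclipboard:i:0
"""

if __name__ == "__main__":
    for label, content in (("sample", SAMPLE_RDP), ("benign", BENIGN_RDP)):
        score, findings = triage_rdp(content)
        print(f"{label}: score {score}")
        for f in findings:
            print("  -", f)
```

Run it as-is to see the two verdicts; to triage a real attachment, read the bytes, pass them through `decode_rdp`, then `triage_rdp`. Note that the signature check is deliberately informational only: the article’s point is that a validly signed file still opens a session to whatever host `full address` names.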

Research suggests that RDP-based intrusions are increasingly being linked to ransomware attacks and other malicious activities.

Google says these phishing attacks are part of a broader trend of Russian cyber groups targeting organisations across critical sectors, and that the campaign highlights the growing threat posed by Advanced Persistent Threats (APTs).

This is a clear warning that organisations must implement stronger security measures to guard against such highly effective cyber attacks.

Google   |   Google   |   I-HLS   |   Techradar   |   Security Affairs

Image: Ideogram
