Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks

Intel Name: Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks

Date of Scan: December 23, 2024

Impact: High

Summary:
Earth Koshchei executed a sophisticated attack campaign using rogue Remote Desktop Protocol (RDP) tactics. The group employed red team tools for espionage and data exfiltration, using spear-phishing emails to trick victims into connecting to malicious RDP servers via a compromised configuration file. The campaign involved over 200 newly registered domains and 193 RDP relays. To evade detection, Earth Koshchei masked its operations behind commercial VPNs, Tor, and residential proxies, adding to the stealth and complexity of the attack.
