Intel Name: Earth Koshchei co-opts red team tools in complex RDP attacks
Date of Scan: December 23, 2024
Impact: High
Summary: Earth Koshchei executed a sophisticated attack campaign built on rogue Remote Desktop Protocol (RDP) tactics. The group repurposed red team tools for espionage and data exfiltration, using spear-phishing emails to trick victims into connecting to malicious RDP servers via a compromised RDP configuration file. The campaign involved over 200 newly registered domains and 193 RDP relays. To evade detection, Earth Koshchei masked its operations behind commercial VPNs, Tor, and residential proxies, adding to the stealth and complexity of the attack.