Microsoft has issued a warning about an ongoing spear-phishing campaign by a threat actor called Midnight Blizzard, which was previously linked by US and UK officials to Russia’s intelligence agency. The company said it discovered that this bad actor has been sending “highly targeted spear-phishing emails” since at least October 22 and believes the goal of this operation is to collect intelligence.
According to Microsoft’s observations, the group has been sending emails to individuals connected to various sectors, and it is known to target government and non-government organizations, IT service providers, academia, and defense. While it focuses mostly on organizations in the US and Europe, this campaign also targeted individuals in Australia and Japan.
Midnight Blizzard has already sent thousands of spear-phishing emails to more than 100 organizations for this campaign, Microsoft reported, explaining that those emails contain a signed Remote Desktop Protocol (RDP) file attachment that connects to a server the bad actor controls.
The group used email addresses that belong to real organizations and were stolen during its previous activities, making targets think they were opening legitimate emails. It also used social engineering techniques to make it seem like the emails were sent by employees of Microsoft or Amazon Web Services.
If someone clicks on the RDP attachment and opens it, a connection to a server controlled by Midnight Blizzard is established. This then gives the bad actor access to the target’s files, any network drives or peripherals connected to their computer (such as microphones and printers), as well as their passkeys, security keys, and other web authentication information. It can also install malware on the target’s computer and network, including remote-access Trojans, which it can use to persist in the victim’s system even after the initial connection is cut.
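For defenders, the exposure described above is visible in the attachment itself, because an .rdp file is plain text made of `name:type:value` settings. The following is an added example, not code from Microsoft or from the original article: a triage sketch for a mail gateway or analyst that lists which local resources a file would redirect and whether its server is outside the organization. The sample file, the hostname `rdp.attacker.example` and the internal suffix `.corp.example` are constructed assumptions.

```python
import ipaddress

# Documented .rdp redirection properties and the local resource each one exposes.
REDIRECTS = {
    "drivestoredirect": "local and network drives",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectcomports": "COM ports",
    "redirectsmartcards": "smart cards",
    "redirectwebauthn": "WebAuthn (passkeys, security keys)",
    "audiocapturemode": "microphone",
}

def parse_rdp(text):
    """Parse the 'name:type:value' lines of an .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def is_external(address, internal_suffixes=(".corp.example",)):
    """True unless the host is a private/loopback IP or an internal hostname."""
    host = address.strip("[]")
    if host.count(":") == 1:          # drop a trailing ":port"
        host = host.split(":")[0]
    try:
        ip = ipaddress.ip_address(host)
        return not (ip.is_private or ip.is_loopback)
    except ValueError:                # not an IP literal, so treat it as a hostname
        return not host.lower().endswith(internal_suffixes)

def triage(text):
    s = parse_rdp(text)
    server = s.get("full address", "")
    exposed = [label for key, label in REDIRECTS.items()
               if s.get(key, "0") not in ("", "0")]
    external = bool(server) and is_external(server)
    # A signature is reported but never lowers the verdict: the campaign's files were signed.
    return {"server": server, "external": external, "signed": "signature" in s,
            "exposed": exposed, "block": external and bool(exposed)}

# Constructed sample attachment, not taken from the campaign.
SAMPLE = "\n".join([
    "full address:s:rdp.attacker.example:3389", "drivestoredirect:s:*",
    "redirectclipboard:i:1", "redirectprinters:i:1", "redirectsmartcards:i:1",
    "redirectwebauthn:i:1", "audiocapturemode:i:1", "redirectcomports:i:0",
    "signature:s:CONSTRUCTED-PLACEHOLDER",
])
```

Calling `triage(SAMPLE)` returns a dict whose `block` field is true when an external server is combined with any redirected resource, regardless of whether the file is signed.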
This group is known by several other names, such as Cozy Bear and APT29, but you may remember it as the threat actor behind the 2020 SolarWinds attacks, in which it managed to infiltrate hundreds of organizations around the world.
It also broke into the emails of several senior Microsoft executives and other employees earlier this year, gaining access to communications between the company and its customers. Microsoft did not say whether this campaign had anything to do with the US presidential election, but it is advising potential targets to be more proactive in protecting their systems.