Reverse Remote Desktop Exploitation:
A Deep Dive into Midnight Blizzard’s RDP Phishing Tactics
Abstract
In this session, Mickey will analyze and demonstrate a novel Reverse Remote Desktop Protocol (RDP) phishing attack leveraged by Midnight Blizzard. Recently, this actor deployed large-scale, targeted spear-phishing campaigns utilizing malicious RDP files, a tactic aimed at government, academic, and defense sectors. Through this attack, Midnight Blizzard gains remote access to victim machines, circumventing traditional defenses by exploiting user-initiated RDP connections.
This presentation will dissect the attack mechanics as highlighted in Microsoft’s latest threat intelligence report. By detailing the construction and delivery of the malicious RDP payloads, as well as the exploitation phase, it will give participants insight into the attacker’s strategies.
The session will also include a demonstration of the attack scenario, providing a practical understanding of the technical vulnerabilities exploited and illustrating the RDP-based intrusion from both the attacker’s and defender’s perspectives.
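The abstract describes the intrusion as a user-initiated RDP connection triggered by a malicious .rdp file. From the defender's side, the practical question is what such an attachment actually asks the client to do. The following triage script is an added example, not code from the talk or from Microsoft's report: it parses the key:type:value lines of a Windows .rdp file (the setting names used are standard RDP file settings; the sample file, the hostnames and the risk descriptions are this example's own constructions and assumptions) and flags a file that points at a host outside an allow-list or that enables redirection of local drives, clipboard or devices to the remote side.

```python
import codecs

# Standard .rdp settings that hand local resources to the remote host.
# The risk notes are this example's own wording, not the report's.
REDIRECTION_KEYS = {
    "drivestoredirect": "local drives exposed to the remote host",
    "redirectclipboard": "clipboard shared with the remote host",
    "redirectprinters": "printers redirected to the remote host",
    "redirectsmartcards": "smart cards redirected to the remote host",
    "devicestoredirect": "plug-and-play devices redirected to the remote host",
}


def parse_rdp(data: bytes) -> dict:
    """Parse .rdp file bytes into {key: (type, value)}.

    Windows usually writes .rdp files as UTF-16 with a BOM; plain UTF-8 is
    accepted too. Each line has the form 'key:type:value' where type is
    's' (string) or 'i' (integer). The value itself may contain colons
    (e.g. host:port), so the line is split at most twice.
    """
    if data.startswith(codecs.BOM_UTF16_LE) or data.startswith(codecs.BOM_UTF16_BE):
        text = data.decode("utf-16")
    else:
        text = data.decode("utf-8", errors="replace").lstrip("\ufeff")
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank line or not a setting
        key, typ, value = (p.strip() for p in parts)
        settings[key.lower()] = (typ.lower(), value)
    return settings


def is_enabled(typ: str, value: str) -> bool:
    """An integer setting is on when non-zero; a string setting when non-empty."""
    if typ == "i":
        return value not in ("", "0")
    return value != ""


def target_host(full_address: str) -> str:
    """Strip a trailing ':port' from a 'full address' value (IPv4/hostname only;
    bracketed IPv6 is returned unchanged - an assumption of this example)."""
    if full_address.count(":") == 1:
        return full_address.split(":")[0]
    return full_address


def triage_rdp(data: bytes, trusted_hosts=frozenset()) -> list:
    """Return a list of human-readable findings; empty means nothing flagged."""
    settings = parse_rdp(data)
    findings = []
    target = settings.get("full address", ("s", ""))[1]
    if not target:
        findings.append("no 'full address' setting; connection target unknown")
    else:
        host = target_host(target)
        if host.lower() not in {h.lower() for h in trusted_hosts}:
            findings.append(f"connects to untrusted host {host!r}")
    for key, reason in REDIRECTION_KEYS.items():
        if key in settings and is_enabled(*settings[key]):
            findings.append(f"{key} enabled: {reason}")
    return findings


# Constructed sample attachment (not a real artifact): points at an external
# host and redirects local drives and clipboard, which is the pattern a
# defender would want to catch before a user double-clicks it.
SAMPLE_RDP = "\r\n".join([
    "full address:s:rdp.example.invalid:3389",
    "username:s:victim",
    "drivestoredirect:s:*",
    "redirectclipboard:i:1",
    "redirectprinters:i:0",
    "remoteapplicationmode:i:0",
]).encode("utf-16")  # mimic the UTF-16-with-BOM encoding Windows uses

if __name__ == "__main__":
    for finding in triage_rdp(SAMPLE_RDP, trusted_hosts={"rdp.corp.example"}):
        print("FLAG:", finding)
```

In a mail gateway or EDR rule the same logic applies to any .rdp attachment: an unknown `full address` combined with an enabled `drivestoredirect` or `redirectclipboard` is the combination worth quarantining, while a file that only points at an allow-listed internal gateway with redirection off produces no findings.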