CISA warns that foreign actor is conducting large-scale spear-phishing campaigns with malicious files

The Cybersecurity and Infrastructure Security Agency issued an alert on October 31 about a large-scale spear-phishing campaign targeting organizations across multiple sectors. The agency has received several reports on this issue. According to the agency, the foreign threat actor, often posing as a trusted entity, sends spear-phishing emails with malicious Remote Desktop Protocol files to targeted organizations to log in and access files stored on the target network. If the threat actor gains access, they could perform additional activities, such as deploying malicious code to gain persistent access to the target’s network. CISA, other federal agencies and partners are coordinating and evaluating the impact of the campaign and have urged organizations to take proactive steps to protect their data and systems.

“Malicious use of RDP to conduct cyberattacks, including highly disruptive ransomware attacks, continues to be a significant attack vector used by foreign cybercriminals, ransomware gangs, and spies,” said John Riggi, AHA National Security Advisor for cyber and risk. “To help mitigate this type of cyberattack risk, healthcare organizations are strongly advised to restrict outbound RDP connections, block RDP connections in communication platforms, prevent RDP file execution, and use strong multi-factor authentication resistant to phishing for all remote access. See the alert for additional recommendations.”

For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat information, visit aha.org/cybersecurity.