VERY IMPORTANT

Earth Koshchei, an APT group suspected to be sponsored by the Russian SVR, executed a large-scale rogue RDP campaign targeting high-profile sectors. The attack methodology involved spear-phishing emails, red team tools, and sophisticated anonymization techniques. The campaign used an RDP relay, rogue RDP server, and malicious RDP configuration files to potentially leak data and install malware. The group registered over 200 domain names between August and October, setting up 193 RDP relays and 34 rogue RDP backend servers. They employed anonymization layers like VPN services, TOR, and residential proxies to mask their operations. The campaign peaked on October 22, targeting governments, armed forces, think tanks, academic researchers, and Ukrainian entities.