APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
The Russia-linked threat actor APT29, also tracked as Earth Koshchei, is using a “rogue RDP” technique to target high-profile victims, including governments and armed forces. The technique relies on spear-phishing emails carrying malicious RDP configuration files that connect victims to attacker-controlled (rogue) RDP servers, enabling data exfiltration and malware installation. Earth Koshchei adds anonymization layers and tools such as PyRDP to strengthen these attacks and evade detection.
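As an added defensive illustration (not code from the article or from any vendor), the check below parses a Windows `.rdp` connection file and flags settings that hand local resources to the remote server, plus a target host outside the organisation. The setting names are standard `.rdp` keys; the trusted DNS suffix, the `assess_rdp` function and the sample lure file are constructed assumptions.

```python
import ipaddress

# .rdp settings that expose the client's local resources to the remote host (key -> risk test on value).
RISKY_SETTINGS = {
    "drivestoredirect": lambda v: v != "",        # local drives mapped into the session
    "redirectclipboard": lambda v: v == "1",      # clipboard shared with the server
    "redirectprinters": lambda v: v == "1",
    "redirectsmartcards": lambda v: v == "1",
    "usbdevicestoredirect": lambda v: v != "",
    "remoteapplicationmode": lambda v: v == "1",  # RemoteApp hides the full desktop from the user
}

def parse_rdp(text):
    """Parse 'key:type:value' lines into {key: value}; the type letter is dropped."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[0]:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def is_external(host, trusted_suffixes):
    """True if the target is neither a private IPv4/IPv6 address nor under a trusted DNS suffix.
    Bracketed IPv6 literals with ports are not handled (assumption: rare in lure files)."""
    if host.count(":") == 1:            # drop a trailing ":port"
        host = host.rsplit(":", 1)[0]
    try:
        return not ipaddress.ip_address(host).is_private
    except ValueError:
        return not host.lower().endswith(tuple(trusted_suffixes))

def assess_rdp(text, trusted_suffixes=(".corp.example",)):
    """Return a list of findings for an .rdp file; an empty list means nothing suspicious."""
    settings = parse_rdp(text)
    findings = []
    target = settings.get("full address", "")
    if target and is_external(target, trusted_suffixes):
        findings.append(f"connects to external host {target}")
    for key, risky in RISKY_SETTINGS.items():
        if key in settings and risky(settings[key]):
            findings.append(f"{key}={settings[key]}")
    return findings

# Constructed sample resembling a lure: external host plus drive, clipboard and RemoteApp settings.
SAMPLE_RDP = """\
full address:s:rdp.example-lure.net:3389
drivestoredirect:s:*
redirectclipboard:i:1
remoteapplicationmode:i:1
"""

if __name__ == "__main__":
    for finding in assess_rdp(SAMPLE_RDP):
        print("SUSPICIOUS:", finding)
```

Running it on the sample reports the external target and the three redirection settings; a file pointing at a private address with redirection disabled yields no findings.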