APT29 group used red team tools in rogue RDP attacks
The Russia-linked APT29 group carried out rogue RDP attacks, delivered through phishing emails, to compromise systems and steal data. The group employed red team tools, including spear-phishing emails and rogue RDP configuration files, to bypass firewalls and gain remote access to victim machines. APT29 relied heavily on anonymization layers such as VPNs, Tor, and residential proxy service providers to conceal its activities.
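For defenders, a mail-gateway or endpoint check can inspect `.rdp` attachments before a user opens them. The following is an added example, not code from the report or from any vendor: it parses the `name:type:value` lines of an `.rdp` file and flags settings that redirect local resources to the remote host, plus a target host outside an allowlist. The set of settings checked is an assumed policy (the summary above does not list which settings the campaign's files used), and the sample file and host names are constructed.

```python
# Added example: audit an .rdp attachment for local-resource exposure.
# Sample content and host names are constructed; the policy is an assumption.
RISKY = {  # setting name -> test on its value that marks it as risky
    "drivestoredirect": lambda v: v != "",
    "devicestoredirect": lambda v: v != "",
    "redirectclipboard": lambda v: v == "1",
    "redirectprinters": lambda v: v == "1",
    "redirectsmartcards": lambda v: v == "1",
    "remoteapplicationmode": lambda v: v == "1",
}

def decode_rdp(raw):
    """Decode file bytes; .rdp files are often saved as UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: value}, names lowercased."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def audit_rdp(text, allowed_hosts=()):
    """Return findings: risky redirections, then an unapproved target host."""
    s = parse_rdp(text)
    findings = [f"{k}={s[k]}" for k, risky in RISKY.items() if k in s and risky(s[k])]
    host = s.get("full address", "").lower()
    name, _, port = host.rpartition(":")
    if name and port.isdigit():
        host = name  # drop a trailing :port
    if host and host not in allowed_hosts:
        findings.append(f"unapproved host: {host}")
    return findings

SAMPLE = """\
full address:s:rdp.example.net:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:0
remoteapplicationmode:i:1
"""

if __name__ == "__main__":
    print(audit_rdp(SAMPLE, allowed_hosts={"gateway.corp.example"}))
```

Any non-empty result is a reason to quarantine the attachment for review; many organizations simply block `.rdp` attachments from external senders.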