The Cybersecurity and Infrastructure Security Agency has issued a warning about a spear-phishing campaign by a foreign threat actor targeting government and IT organizations.

CISA said Thursday the threat actor gains access to files stored on the target organization’s network by sending spear-phishing emails containing malicious remote desktop protocol, or RDP, files.

Once access has been achieved, the cyberthreat actor may deploy malicious code and conduct additional activities to achieve persistent access to the target entity’s network.

Measures to Protect Networks From Spear-Phishing

CISA stated that it is working with government and industry partners to assess the large-scale campaign’s impact and that it has called on organizations to implement proactive steps to protect their networks from spear-phishing attacks.

Recommended measures include restricting outbound RDP connections, blocking RDP files in communication platforms, preventing the execution of RDP files, enabling multifactor authentication and implementing conditional access policies.

The agency also urged organizations to deploy endpoint detection and response tools, conduct user education and implement phishing-resistant authentication techniques.
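One way to apply the "blocking RDP files in communication platforms" measure at a mail gateway, as an added example that is not from CISA or the original article: it flags attachments by `.rdp` extension and, going beyond the article, by content so that renamed files are also caught. The marker strings are standard `.rdp` setting keys; the function names and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Keys found in .rdp connection files; used to spot renamed attachments.
RDP_MARKERS = ("full address:s:", "drivestoredirect:s:", "redirectclipboard:i:")

def decode_text(raw: bytes) -> str:
    """.rdp files are plain text, commonly UTF-16 with a BOM, else ANSI/UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def looks_like_rdp(filename: str, raw: bytes) -> bool:
    """True if the name ends in .rdp or the content has .rdp setting lines."""
    if filename.lower().rstrip(". ").endswith(".rdp"):
        return True
    text = decode_text(raw[:65536]).lower()
    return any(line.strip().startswith(RDP_MARKERS) for line in text.splitlines())

def rdp_attachments(message_bytes: bytes) -> list[str]:
    """Return the names of MIME parts a gateway should quarantine."""
    msg = message_from_bytes(message_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        raw = part.get_payload(decode=True) or b""
        if looks_like_rdp(name, raw):
            hits.append(name or "(unnamed part)")
    return hits

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message (example.com/.org addresses are placeholders)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    rdp_body = "full address:s:host.example\r\ndrivestoredirect:s:*\r\n"
    for fname, data in [("connect.rdp", rdp_body.encode()),
                        ("invoice.txt", rdp_body.encode("utf-16")),
                        ("notes.txt", b"meeting at 10")]:
        print(fname, "->", rdp_attachments(build_sample(fname, data)))
```

Extension checks alone miss renamed files, which is why the content check reads the decoded text for setting lines rather than trusting the filename.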

