"New RDStealer Malware Steals From Drives Shared Over Remote Desktop"

The "RedClouds" cyber espionage and hacking campaign uses custom RDStealer malware to automatically steal data from drives shared via Remote Desktop connections. The malicious campaign was identified by Bitdefender Labs, whose researchers have observed hackers targeting systems in East Asia since 2022. Although the researchers have been unable to attribute the campaign to specific threat actors, they note that the attackers' interests align with those of China and that the attackers' level of sophistication corresponds to that of a state-sponsored Advanced Persistent Threat (APT) group. Furthermore, according to Bitdefender, the hackers have left traces of their activity dating back to at least 2020, initially using off-the-shelf tools before deploying custom malware in late 2021. This article continues to discuss the use of the RDStealer malware by the RedClouds campaign.

Bleeping Computer reports "New RDStealer Malware Steals From Drives Shared Over Remote Desktop"

Submitted by Anonymous on