On November 12, 2024, a joint cybersecurity advisory was released by agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom. This advisory highlights the **top routinely exploited vulnerabilities of 2023**, offering insights into persistent threats and the measures organizations can take to protect themselves.

In 2022, Microsoft began blocking macros originating from the internet in Office, pushing both pentesters and threat actors to explore new methods for initial access. Fast forward to October 2024, and APT29 is leveraging one of those methods—Rogue RDP—discovered as a workaround back in 2022. In this video, we dive into a recent spearphishing campaign uncovered by the Ukrainian CERT, where attackers used Rogue RDP to gain initial access to targets. This video will provide you practical detection opportunities that can be used to hunt for this activity in your environment.