In a sophisticated espionage campaign targeting European government and military institutions, hackers believed to be connected with Russian state actors have been utilizing a lesser-known feature of Windows Remote Desktop Protocol (RDP) to infiltrate systems.

The Google Threat Intelligence Group (GTIG) has identified this new wave of cyber attacks and attributed them to a group they refer to as UNC5837.