CyberHappenings

Large-scale RDP targeting campaign detected from multi-country botnet

1 unique source, 1 article

Summary

A large-scale botnet targeting Remote Desktop Protocol (RDP) services in the United States has been detected. The campaign, which began on October 8, 2025, originates from over 100,000 IP addresses across multiple countries. The botnet uses two primary attack methods: RD Web Access timing attacks and RDP web client login enumeration. Its activity was first detected by GreyNoise, a threat monitoring platform, following an unusual traffic spike from Brazil. Subsequent activity was observed from Argentina, Iran, China, Mexico, Russia, South Africa, and Ecuador, with over 100 countries involved in total. The campaign highlights the ongoing threat to RDP services, which are commonly used by administrators, helpdesk staff, and remote workers. Attackers often exploit vulnerabilities, perform brute-force logins, or use timing attacks to gain unauthorized access.

Timeline

  1. 13.10.2025 21:05 · 1 article

    Multi-country botnet targets RDP services in the US

    A large-scale botnet targeting RDP services in the United States was detected on October 8, 2025. The campaign originates from over 100,000 IP addresses across multiple countries, including Brazil, Argentina, Iran, China, Mexico, Russia, South Africa, and Ecuador. The botnet uses RD Web Access timing attacks and RDP web client login enumeration to exploit RDP services. The botnet's activity was first detected by GreyNoise following an unusual traffic spike from Brazil. Administrators are advised to block the attacking IP addresses and monitor logs for suspicious activity.


Information Snippets