Massive multi-country botnet targets RDP services in the US www.bleepingcomputer.com/news/secu…

A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses.

The campaign started on October 8 and based on the source of the IPs, researchers believe the attacks are launched by a multi-country botnet.

RDP is a network protocol that enables remote connection and control of Windows systems. It is typically used by administrators, helpdesk staff, and remote workers.

Attackers often scan for open RDP ports or try to brute-force logins, exploit vulnerabilities, or perform timing attacks

GreyNoise detected the campaign after an unusual traffic spike from Brazil, followed by similar activity from a wider geography, which includes Argentina, Iran, China, Mexico, Russia, South Africa, and Ecuador.