Tag: Remote Desktop Protocol
-
The 21 Phantom Servers: How a Tiny Botnet Just Hijacked Global RDP Reconnaissance
A diminutive cluster of servers has managed, in a matter of mere hours, to redraw the conventional cartography of internet reconnaissance. According to data from GreyNoise, a scant twenty-one IP addresses orchestrated nearly half of the global RDP scanning influx, and at the zenith of this activity, they accounted for a staggering two-thirds of all…
-
Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US
Since the beginning of October, GreyNoise analysts have been tracking one of the largest and most coordinated waves of attacks targeting remote access services across the United States. According to their findings, since October 8, 2025, more than 100,000 unique IP addresses from over a hundred countries have been participating in an automated campaign aimed…
-
GreyNoise Detects Massive Surge in RDP Web Access Probing: Prelude to Password Attacks?
GreyNoise has observed a sharp and highly atypical surge in reconnaissance activity targeting Microsoft Remote Desktop Web Access and the RDP Web Client: 1,971 unique IP addresses were active simultaneously, whereas the company typically sees only 3–5 such sources per day. Analysts note that the synchrony and scale point to a coordinated campaign in which…
-
ExpressVPN Fixes RDP Leak: Real IP Addresses Exposed Due to Debugging Code Oversight
ExpressVPN has resolved a vulnerability in its Windows client that allowed Remote Desktop Protocol (RDP) connections to bypass the VPN tunnel, thereby exposing users’ real IP addresses. The issue affected versions 12.97 through 12.101.0.2-beta and stemmed from inadvertently left debugging code, originally intended for internal testing. The flaw was discovered on April 25, 2025, by…