Russia Digs your RDP Servers and other RDP Scanning


We have been observing quite a large number of RDP probes today over most of our sensors.

It appears as though Russian actors are looking for RDP servers on common ports as well as uncommon ports. While it's never a good idea to put your RDP servers on the network where they are Internet facing, we are seeing them hit cloud providers, hosting companies and other networks of US and foreign networks pretty heavily. Normally they are a little more quiet about it so this looks like an attempt to just round up as many RDP servers as possible.

For recommendations on how to protect your IoT devices and Windows based servers you can view the resources here.

Update: After posting this we started seeing more RDP probes from 80.82.78.53 and 80.68.1.204 which we have not seen before making lots of request. In addition below are some of the more recent examples of host searching for Internet based RDP servers.

103.89.91.156 123.249.4.40 181.214.87.248 181.214.87.75 185.129.148.250 185.56.81.55 188.92.76.158 196.52.43.102 209.237.111.208 31.131.251.199 31.31.49.38 46.182.25.42 5.188.10.108 5.188.86.141 51.38.27.93 52.187.31.118 77.72.85.117 77.72.85.27 80.68.1.204 80.82.78.53


89 views

Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2018 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business Jigsaw Security is an operator of WIMAX networks and is operating under license WQVC235 as a common carrier, non-common carrier and private communications operator. Jigsaw Security operates cable and satellite services. Courses may be provided by a third party authorized training partner in some cases. Some training is only available for cleared and US Citizens. Courses approved by the North Carolina Department of Public Safety Private Protective Services Board for licensing and CE credits. JPM program insurance is provided by an authorized Jigsaw Security Insurance Partner and is not underwritten by Jigsaw Security. For insurance information please contact our JPM program manager. Jigsaw Security operates a network through our NCBroadband brand.