Russia Digs your RDP Servers and other RDP Scanning


We have been observing quite a large number of RDP probes today over most of our sensors.

It appears as though Russian actors are looking for RDP servers on common ports as well as uncommon ports. While it's never a good idea to expose your RDP servers directly to the Internet, we are seeing the probes hit cloud providers, hosting companies and other US and foreign networks pretty heavily. Normally they are a little quieter about it, so this looks like an attempt to just round up as many RDP servers as possible.
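Because the probes arrive on uncommon ports as well as 3389, filtering on destination port alone misses them. The following is an added example, not code from the original post: it recognises an RDP connection request (TPKT header plus X.224 Connection Request) from the first payload bytes on any port and groups the hits by source. The record layout, function names and sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

COOKIE = b"Cookie: mstshash="   # optional routing cookie sent by many clients

def parse_rdp_cr(payload: bytes):
    """Return request details if payload begins with an RDP X.224
    Connection Request inside a TPKT header, else None."""
    if len(payload) < 11 or payload[:2] != b"\x03\x00":
        return None                      # not TPKT version 3
    tpkt_len = struct.unpack(">H", payload[2:4])[0]
    li, code = payload[4], payload[5]
    if code & 0xF0 != 0xE0 or tpkt_len != li + 5 or tpkt_len > len(payload):
        return None                      # not a complete Connection Request
    body, cookie, protocols = payload[11:tpkt_len], None, None
    end = body.find(b"\r\n")
    if body.startswith(COOKIE) and end != -1:
        cookie = body[len(COOKIE):end].decode("ascii", "replace")
        body = body[end + 2:]
    if len(body) >= 8 and body[0] == 0x01:   # RDP negotiation request
        protocols = struct.unpack("<I", body[4:8])[0]
    return {"cookie": cookie, "requested_protocols": protocols}

def summarize_probes(records):
    """records: iterable of (src_ip, dst_port, first_payload_bytes)."""
    seen = defaultdict(set)
    for src, dport, payload in records:
        if parse_rdp_cr(payload) is not None:
            seen[src].add(dport)
    return {src: {"ports": sorted(p),
                  "nonstandard": sorted(x for x in p if x != 3389)}
            for src, p in seen.items()}

def build_cr(cookie=None, protocols=3):
    """Construct a sample Connection Request (test data only)."""
    body = (COOKIE + cookie.encode() + b"\r\n") if cookie else b""
    body += struct.pack("<BBHI", 0x01, 0, 8, protocols)
    x224 = bytes([6 + len(body), 0xE0]) + b"\x00" * 5 + body
    return b"\x03\x00" + struct.pack(">H", len(x224) + 4) + x224

# Constructed records; addresses are from documentation ranges.
SAMPLE = [
    ("198.51.100.7", 3389, build_cr("admin")),
    ("198.51.100.7", 3390, build_cr()),
    ("198.51.100.7", 33890, build_cr()),
    ("203.0.113.9", 443, b"\x16\x03\x01\x00\x05hello"),   # TLS-like, not RDP
    ("203.0.113.20", 3389, b"GET / HTTP/1.1\r\n\r\n"),     # HTTP sent to 3389
]

if __name__ == "__main__":
    for src, info in summarize_probes(SAMPLE).items():
        print(src, info)
```

A source that shows up with several entries under `nonstandard` is sweeping ports for RDP rather than connecting to a known service.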

For recommendations on how to protect your IoT devices and Windows-based servers, you can view the resources here.

Update: After posting this we started seeing more RDP probes from 80.82.78.53 and 80.68.1.204, which we have not seen before, making lots of requests. In addition, below are some of the more recent examples of hosts searching for Internet-based RDP servers.




© 2017-2020 Jigsaw Security Enterprise Inc.
