We have been observing quite a large number of RDP probes today over most of our sensors.
It appears as though Russian actors are looking for RDP servers on common ports as well as uncommon ports. While it's never a good idea to put your RDP servers on the network where they are Internet-facing, we are seeing them hit cloud providers, hosting companies and other US and foreign networks pretty heavily. Normally they are a little quieter about it, so this looks like an attempt to just round up as many RDP servers as possible.
For recommendations on how to protect your IoT devices and Windows-based servers, you can view the resources here.
Update: After posting this, we started seeing more RDP probes from 220.127.116.11 and 18.104.22.168, which we have not seen before, making lots of requests. In addition, below are some of the more recent examples of hosts searching for Internet-based RDP servers.