top of page

Russia Digs your RDP Servers and other RDP Scanning

We have been observing quite a large number of RDP probes today over most of our sensors.

It appears as though Russian actors are looking for RDP servers on common ports as well as uncommon ports. While it's never a good idea to put your RDP servers on the network where they are Internet facing, we are seeing them hit cloud providers, hosting companies and other networks of US and foreign networks pretty heavily. Normally they are a little more quiet about it so this looks like an attempt to just round up as many RDP servers as possible.

For recommendations on how to protect your IoT devices and Windows based servers you can view the resources here.

Update: After posting this we started seeing more RDP probes from and which we have not seen before making lots of request. In addition below are some of the more recent examples of host searching for Internet based RDP servers.

109 views0 comments
bottom of page