New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers
A researcher with Morphus Labs has uncovered a botnet that is scanning the Internet for Windows machines that have a poorly secured Remote Desktop Protocol (RDP) connection enabled. The botnet, dubbed GoldBrute, tries to gain access to vulnerable machines by launching brute-force and credential-stuffing attacks.
GoldBrute has already identified 1.5 million potentially vulnerable systems to target. However, the botnet has no persistence mechanism, meaning that it is not designed to maintain access to a compromised system. Because of this, the researcher believes that the people behind GoldBrute may aim to sell the information it gathers about vulnerable systems on dark web marketplaces. Alternatively, the threat actors may aim to target the vulnerable machines themselves in future campaigns.