
New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers

A researcher with Morphus Labs has uncovered a botnet that is scanning the Internet for Windows machines that have a poorly secured Remote Desktop Protocol (RDP) connection enabled. The botnet, dubbed GoldBrute, tries to obtain access to vulnerable machines by launching brute-forcing and credential stuffing attacks.

GoldBrute has already identified 1.5 million potentially vulnerable systems to target. However, the botnet doesn’t have a persistence mechanism, meaning that it is not designed to maintain access on a compromised system. Because of this, the researcher believes that the people behind GoldBrute may aim to put the information it gathers on vulnerable systems up for sale on dark web marketplaces. Alternatively, the threat actors may aim to target the vulnerable machines themselves in future campaigns.


OODA Analyst
