Relentless brute-force attacks are being launched against Remote Desktop Protocol (RDP) connections, with GoSecure researchers recording nearly 3.5 million login attempts from over 1,500 IP addresses against its RDP honeypot system between July 1 and Sept. 30, 2022, according to BleepingComputer.
Attacks targeted at the RDP honeypot purporting to be part of a bank network totaled 13 million throughout the year, with "Administrator" and its different variations being the most commonly used usernames, reported GoSecure researchers at the NorthSec cybersecurity conference.
Most attempted logins leveraged a variation of the RDP certificate, while login attempts using RDP certificate names came from China- and Russia-based IPs.
The findings also showed that malicious activity against the RDP honeypot was conducted during normal working days, with activity observed to last from more than four hours to eight hours, while no brute-force attacks were observed on the weekends.
North Korea's Lazarus Group has leveraged the backdoored PDF reader app SwiftLoader used in the RustBucket campaign to facilitate the deployment of the KANDYKORN macOS malware in a bid to better evade detection, according to The Hacker News.