CVSS 9.0 CRITICAL
The severity is assessed as CRITICAL because RDP brute-force attacks are exploited in the wild and a successful compromise can lead to ransomware deployment. No specific patches are mentioned, but the remediation steps below can prevent further exploitation.

A network exposing an RDP server was compromised via brute-force, leading to unauthorized access and credential enumeration. The threat actor used multiple pieces of attack infrastructure, which suggests a possible ransomware-as-a-service operation.

Affected Systems
  • Windows RDP Server
Affected Versions: All versions with exposed RDP services
Remediation
  • Disable or restrict access to RDP by limiting the range of IP addresses allowed to connect through firewall rules.
  • Ensure strong password policies are in place and consider using multi-factor authentication (MFA) for RDP access.
  • Implement network segmentation to limit lateral movement if an RDP account is compromised.
Stack Impact

None of the listed services (nginx, docker, linux kernel, openssh, curl, openssl, python) are directly affected. The impact is confined to the Windows RDP service and any exposed file systems that contain credentials.
