Threat Actors Target Exposed Remote Desktop Protocol To Deploy Ransomware
Threat actors were discovered targeting open Remote Desktop Protocol (RDP) ports with variants from a range of ransomware families including Redeemer, NYX, Vohu, Amelia, BlackHunt, and MedusaLocker.
Online scanners were used to discover devices while stolen credentials or vulnerabilities were used as the initial access vector.
In some instances, adversaries were discovered exploiting the Microsoft Windows RDP BlueKeep vulnerability (CVE-2019-0708) to gain entry.
Featured Resources
Whitepaper
Hong Kong Protection of Critical Infrastructure Bill
How Cymulate Exposure Management Accelerates Compliance The Hong Kong Protection of Critical Infrastructures (Computer Systems) Bill mandates that operators across
blog
How Cymulate Supports Hong Kong's 2025 Protection of Critical Infrastructure Ordinance
In March 2025, Hong Kong's Protection of Critical Infrastructure (Computer System) Ordinance was enacted and will go into effect in
blog
Reducing Attack Surface with Exposure Management and Attack Path Discovery
See how exposure management and attack path discovery turn attack surface reduction into continuous, proven resilience.