Botnet Brouhaha: 100K IPs Launch RDP Assault on U.S. Networks!

A botnet with 100,000+ IP addresses from over 100 countries has been targeting U.S. RDP services since October 8. GreyNoise researchers discovered it after noticing unusual activity from Brazilian IPs. The attack uses RD Web Access timing attacks and RDP web client login enumeration, and most of the IPs share a similar TCP fingerprint.

Hot Take:

Looks like the botnet world is hosting its own international summit, with over 100,000 IPs RSVP-ing to the RDP infiltration party! If only these cybercriminals could put this kind of global coordination to better (and legal) use, we might have solved world peace by now.

Key Points:

– A botnet of over 100,000 IP addresses has been attacking U.S. RDP services since October 8, 2025.
– The attack involves RD Web Access timing and RDP web client login enumeration techniques.
– The coordinated attack suggests a single entity is behind this massive botnet.
– Over 100 countries contribute to the botnet, with major IP activity from Brazil.
– Defensive measures include VPNs, MFA, strong passwords, and monitoring login attempts.
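
One way to apply the "monitoring login attempts" measure against a botnet this widely distributed, as an added example that is not part of the original article: it counts, per time window, how many distinct source IPs each made only a few failed RD Web Access logins, a pattern a per-IP threshold may miss. The IIS field order, the login path, the 200-on-failure / 302-on-success convention and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed RD Web Access login page path; adjust to the deployment.
LOGIN_PATH = "/RDWeb/Pages/en-US/login.aspx"

# Constructed sample lines (documentation IP ranges), assumed IIS W3C field order.
SAMPLE = [
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    *[f"2025-10-08 12:0{i}:00 203.0.113.{10 + i} POST {LOGIN_PATH} 200" for i in range(6)],
    f"2025-10-08 12:03:30 203.0.113.12 POST {LOGIN_PATH} 200",
    f"2025-10-08 12:04:00 198.51.100.7 POST {LOGIN_PATH} 302",  # successful login
    f"2025-10-08 12:25:00 198.51.100.8 POST {LOGIN_PATH} 200",  # lone failure
]

def parse(lines):
    """Yield (timestamp, ip, method, uri, status) from W3C-style log lines."""
    for line in lines:
        if line.startswith("#") or not line.strip():
            continue  # skip directives and blank lines
        date, time, ip, method, uri, status = line.split()[:6]
        yield datetime.fromisoformat(f"{date}T{time}"), ip, method, uri.lower(), int(status)

def distributed_login_bursts(lines, window=timedelta(minutes=10), min_ips=5, max_per_ip=3):
    """Return (window_start, quiet_ip_count, total_failures) for each window in
    which at least min_ips sources each stayed at or below max_per_ip failures."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, ip, method, uri, status in parse(lines):
        # Assumption: a failed form login re-renders the page (200),
        # while a successful one redirects (302).
        if method == "POST" and uri == LOGIN_PATH.lower() and status == 200:
            start = datetime.min + ((ts - datetime.min) // window) * window
            buckets[start][ip] += 1
    alerts = []
    for start, per_ip in sorted(buckets.items()):
        quiet = [ip for ip, n in per_ip.items() if n <= max_per_ip]
        if len(quiet) >= min_ips:
            alerts.append((start, len(quiet), sum(per_ip.values())))
    return alerts

if __name__ == "__main__":
    for start, ips, failures in distributed_login_bursts(SAMPLE):
        print(f"{start:%Y-%m-%d %H:%M} {ips} low-volume sources, {failures} failed logins")
```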

The Nimble Nerd