A sophisticated scanning campaign has escalated dramatically, with threat intelligence firm GreyNoise detecting over 30,000 unique IP addresses simultaneously probing Microsoft Remote Desktop Protocol (RDP) services on August 24, 2024.
This represents a significant expansion from an initial wave of nearly 2,000 IPs observed just three days earlier, marking one of the largest coordinated RDP reconnaissance operations documented this year.
The campaign first caught security researchers’ attention on August 21, when GreyNoise observed an unprecedented surge in scanning activity targeting Microsoft Remote Desktop Web Access and RDP Web Client authentication portals.
The baseline activity for these services typically involves only 3-5 IP addresses per day, making the sudden appearance of 1,971 IPs a clear anomaly representing orders of magnitude above normal levels.
gbhackers.com
