Microsoft RDP Servers Hit by Coordinated Scan Surge

A wave of coordinated scanning activity is targeting Microsoft RDP servers, according to internet intelligence firm GreyNoise. The firm reported nearly 1,971 unique IP addresses probing Remote Desktop Web Access and RDP Web Client login portals simultaneously, indicating an organized reconnaissance effort. This surge in scans points to a possible campaign aimed at identifying vulnerable systems for future exploitation.

GreyNoise’s observations show the scanning patterns are not random. Instead, they appear synchronized, suggesting the involvement of automated tools or a common control infrastructure. Microsoft RDP servers hit in this campaign are being probed for authentication endpoints, which are commonly exposed to the internet and can serve as entry points for attackers if misconfigured.

The scale and timing of the activity raise concerns about potential follow-up attacks. Security teams are urged to monitor RDP endpoints and ensure proper access controls.

Read the full report here:
https://www.bleepingcomputer.com/news/security/surge-in-coordinated-scans-targets-microsoft-rdp-auth-servers/