THREAT OPS › Threat News › Hide Your RDP: Password Spray Leads to RansomHub Deployment
Hide Your RDP: Password Spray Leads to RansomHub Deployment
<p>Key Takeaways Case Summary This intrusion began in November 2024 with a password spray attack targeting an internet-facing RDP server. Over the course of several hours, the threat actor attempted logins against multiple accounts using known malicious IPs (based on OSINT). Several hours later they then logged in via RDP with one of the previously […]</p> <p>The post <a href="https://thedfi