Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections

This method, described as “Rogue RDP” by GTIG, allows attackers to access the victim’s file systems, clipboard data, and potentially even system variables, all under the guise of a legitimate application check. The deployment of tools like PyRDP in potential attacks highlights a growing trend where attackers leverage existing system capabilities for stealthy, persistent access, making the continuous update of security practices imperative for all organizations. Drive and Clipboard Redirection: The configuration granted attackers read/write access to all victim drives, exposing file systems, environment variables, and clipboard data, including user-copied passwords. Deceptive RemoteApps: Instead of full desktop access, victims saw a windowed application named “AWS Secure Storage Connection Stability Test.” Hosted entirely on attacker servers, this RemoteApp masqueraded as a local tool while operating within the RDP session’s encrypted channel. In a sophisticated espionage campaign targeting European government and military institutions, hackers believed to be connected with Russian state actors have been utilizing a lesser-known feature of Windows Remote Desktop Protocol (RDP) to infiltrate systems. The attackers, in collaboration with the Ukrainian State Secure Communications and Information Security Agency, sent emails purporting to be from prestigious organizations like Amazon and Microsoft. GTIG also highlighted the potential use of an RDP proxy tool like PyRDP, which could automate tasks such as file exfiltration, clipboard capture, or session hijacking. The emails contained signed .rdp files, signed with valid SSL certificates, to bypass security measures that would alert users to potential risks. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Notably, the attackers leveraged Windows environment variables (%USERPROFILE%, %COMPUTERNAME%) as command-line arguments to the RemoteApp, enabling reconnaissance without deploying malware.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 08 Apr 2025 02:25:08 +0000

Cyber News related to Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections

How To Protect RDP From Ransomware Attacks - RDP is common across businesses now that roughly half of all Americans can work at least part time from home. Employees can keep their work computers in the office but use them from their home devices through RDP. How Cybercriminals Target RDP As ...
1 year ago Feeds.dzone.com

Rogue AI: What the Security Community is Missing | Trend Micro (US) - Are threat actors, or Malicious Rogue AI, targeting your AI systems to create subverted Rogue AI? Are they targeting your enterprise in general? And are they using your resources, their own, or a proxy whose AI has been subverted. The truth is that ...
11 months ago Trendmicro.com

The Virtual Desktop Revolution: Redefining Work an - A virtual desktop, also referred to as a virtual desktop infrastructure, is a virtualized computing environment that enables users to remotely access and control their desktops from any device with an internet connection. A user who logs in is given ...
1 year ago Feeds.dzone.com

Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections - This method, described as “Rogue RDP” by GTIG, allows attackers to access the victim’s file systems, clipboard data, and potentially even system variables, all under the guise of a legitimate application check. The deployment of ...
5 months ago Cybersecuritynews.com

New Forensic Technique Uncovers Hidden Trails Left by Hackers Exploiting RDP - Forensic tools reconstruct attacker screen activity from thousands of 64x64 pixel bitmap fragments stored in RDP cache files, revealing viewed files and commands. Investigators identify RDP attackers through Windows Event IDs 4624/4625 and unique ...
1 month ago Cybersecuritynews.com

Microsoft fixes Remote Desktop issues caused by Windows updates - "After installing the January 2025 Windows preview update (KB5050094) and later updates, users might experience unexpected disconnections with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS)," the company said in a ...
5 months ago Bleepingcomputer.com

CVE-2024-56547 - In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torture_type=rcu fwd_progress=8 n_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 ...
8 months ago Tenable.com

Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network - These Remote Desktop vulnerabilities were among 72 flaws addressed in Microsoft’s May Patch Tuesday, which also fixed five actively exploited zero-day vulnerabilities, including issues in Windows DWM Core Library, Windows Common Log File System ...
3 months ago Cybersecuritynews.com CVE-2025-29966

New Remote Desktop Puzzle Let Hackers Exfiltrate Sensitive Data From Organization - “The RDP bitmap cache is a witness to remote desktop interactions, providing insights into past activities,” Pen Test Partners said to Cyber Security News. In a recent case study, Pen Test Partners investigated a data breach where an ...
4 months ago Cybersecuritynews.com

Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com

Kimusky Hackers Exploiting RDP & MS Office Vulnerabilities in Targeted Attacks - A sophisticated Advanced Persistent Threat (APT) operation named Larva-24005, linked to the notorious Kimsuky threat group, has been discovered actively exploiting critical vulnerabilities in Remote Desktop Protocol (RDP) and Microsoft Office ...
4 months ago Cybersecuritynews.com Equation Kimsuky CVE-2019-0708

Microsoft: Recent Windows updates cause Remote Desktop issues - "After installing the January 2025 Windows preview update (KB5050094) and later updates, users might experience unexpected disconnections with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS)," the company said in a new ...
5 months ago Bleepingcomputer.com

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2025-38704 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago

Windows 11 January 2025 Preview Update Disconnects Remote Desktop Sessions - Microsoft’s January 2025 Windows preview update (KB5050094) for Windows 11 version 24H2 has caused significant issues with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS). The policy, named “Windows 11 24H2 ...
5 months ago Cybersecuritynews.com

Microsoft Warns of New StilachiRAT Stealing Remote Desktop Protocol Sessions Data - Microsoft has issued an urgent security advisory regarding a newly discovered malware strain called StilachiRAT, which specifically targets and exfiltrates data from Remote Desktop Protocol (RDP) sessions. Microsoft recommends organizations implement ...
5 months ago Cybersecuritynews.com

SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
1 month ago Cybersecuritynews.com

ExpressVPN bug leaked user IPs in Remote Desktop sessions - ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. Last year, ExpressVPN faced another issue causing DNS ...
1 month ago Bleepingcomputer.com

5 Lessons Learned from Windows Remote Desktop Honeypot Report - Recently, the SANS Institute released their annual Windows Remote Desktop Honeypot Report, providing comprehensive insights into the nature of malicious activity in a Windows environment. In order to understand how your own Windows network can be ...
2 years ago Bleepingcomputer.com

Overcoming Technical Barriers in Desktop and Application Virtualization - As organizations increasingly embrace remote and hybrid work, desktop and application virtualization have become essential strategies for ensuring flexibility, scalability, and security. TruGrid SecureRDP provides a secure, scalable, and ...
1 month ago Bleepingcomputer.com

Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files - xfce_desktop_window” (behavior_processes:” ; or (behavior_processes:”http” behavior_processes:”.pdf”))Expands detection by combining XFCE environment detection with behaviors involving Google Drive or other ...
3 months ago Cybersecuritynews.com

Surge in coordinated scans targets Microsoft RDP auth servers - A recent surge in coordinated scanning activity has been detected targeting Microsoft Remote Desktop Protocol (RDP) authentication servers. This increase in scanning is believed to be a precursor to potential exploitation attempts, aiming to identify ...
1 week ago Bleepingcomputer.com

New Cephalus Ransomware Leverages Remote Desktop Protocol for Attacks - The newly identified Cephalus ransomware is making waves in the cybersecurity landscape by exploiting Remote Desktop Protocol (RDP) vulnerabilities to infiltrate and compromise systems. This ransomware variant demonstrates sophisticated attack ...
1 week ago Cybersecuritynews.com

Getting a Remote Desktop Freeze? Microsoft Fixes Windows 11 Issue - Microsoft has released a patch to fix the Remote Desktop freeze bug in Windows 11. This bug caused computers to freeze after some users tried to connect using the Remote Desktop protocol. Microsoft's technical support team has been working on the ...
2 years ago Bleepingcomputer.com

Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
1 year ago Bleepingcomputer.com