Intel Name: RDP configuration files as a means of obtaining remote access to a computer, or “Rogue RDP”
Date of Scan: November 5, 2024
Impact: Medium
Summary: RDP configuration files (.rdp) are being exploited in a cyberattack targeting Ukrainian state authorities and enterprises. These files facilitate the establishment of outgoing Remote Desktop Protocol connections to attackers’ servers, potentially granting them access to local resources and enabling the execution of unauthorized programs. This tactic, referred to as “Rogue RDP,” underscores the importance of implementing security measures like blocking RDP files and restricting remote access to mitigate such threats.