Thursday, May 1, 2025
HomeComputer SecurityHackers Changing the Main Attack Vector from RDP Compromise to Botnets For...

Hackers Changing the Main Attack Vector from RDP Compromise to Botnets For Network Breach

Published on

SIEM as a Service

Follow Us on Google News

The ransomware evolution re-shaping the cyber domain, starting from 2019 the ransomware attacks against high-profile public and corporate networks by making criminal alliances.

In 2018, threat actors behind GandCrab ransomware launched their Ransomware-as-a-Service which shifts the paradigm and turns the ransomware a full-fledged business with Branding, marketing, outreach.

Threat Actor Group Truniger

Truniger also known as TeamSnatch created by an individual who interested in credit card fraud expanded hacking into through corporate networks and the threat actor uses RDP based vulnerabilities, specifically, brute-forcing to gain access to different RDP databases.

- Advertisement - Google News

The RDP brute-forcing vector proved to be more successful and soon, the truniger started to investigate different ways to monetize the accesses which they obtained, reads Advintel report.

Truniger managed to encrypt more than 1,800 devices using GandCrab by the end of August 2018. The threat actor said that by participating in GandCrab’s affiliate program he learned the methods to launch sophisticated attacks.

RDP databases
Threat Actor Group Evolution Pic: AdvIntel

So the actor decided to build the own ransomware and expand the group by hiring technical support for ransomware operations, for specialists they are to provide monthly salaries up to USD 10,000.

Tools and Techniques Used

The truniger hacker group uses several techniques to distribute the ransomware and the primary attack vector among them is RDP brute-forcing, the threat actor group uses weaponized pentesting tool for initial engagement.

AdvIntel said that “On June 20, 2019, the truniger team shared that they are changing the main attack vector for network breach from RDP compromise to a botnet.”

The group tries to gain Windows system administrators privileges and the group uses mimikatz tool to search for domain admin credentials, financial details and to escalate privileges.

RDP databases
RDP Attacking Tool Pic: AdvIntel

Truniger group said AdvIntel that the loader delivered through targeted email phishing and then recruit them for the botnet, the attackers primary focused on dedicated servers with RDP and interested in Dynamic Data Exchange (DDE).

The notable incident of the Truniger group is the attack on German IT company CityComp and obtained data from companies such as Oracle, SAP, BT, Porsche, Toshiba, Volkswagen, Airbus, and others.

The group also advertised access for various RDP network associated with government networks and the retails shops, the RDP’s are advertised for USD 500 to USD 3,000 depends upon the network.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment

Commvault, a global leader in data protection and information management, has confirmed that a...

FBI Uncovers 42,000 Phishing Domains Tied to LabHost PhaaS Operation

The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains...

Tor Browser 14.5.1 Released with Enhanced Security and New Features

The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a...

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

Researchers Uncovered RansomHub Operation and it’s Relation With Qilin Ransomware

Security researchers have identified significant connections between two major ransomware-as-a-service (RaaS) operations, with evidence...

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...