
Large-Scale Botnet Targeting RDP Services in the US with Over 100,000 IPs
A new large-scale botnet has been identified targeting Remote Desktop Protocol (RDP) services in the United States, utilizing more than 100,000 IP addresses. According to reports from GreyNoise, the attacks commenced on October 8, 2025. This botnet represents a significant threat due to its scale and the potential impact on organizations relying on RDP for remote access.
RDP is a common target for cyber attacks due to its widespread use and the potential for direct system access. Successful exploitation can lead to data breaches, ransomware attacks, and further propagation of the botnet. The use of over 100,000 IP addresses suggests a well-organized and potentially sophisticated operation.
The technical implications of this botnet include the likelihood of brute-force attacks, credential stuffing, and exploitation of known vulnerabilities in RDP. Organizations should ensure that their RDP services are secured with strong authentication mechanisms, such as multi-factor authentication (MFA), and that all systems are up to date with the latest security patches.
The impact on the cybersecurity landscape is significant. Organizations will need to increase their vigilance and implement stronger security measures. Incident response teams should be prepared to detect and respond to potential breaches resulting from these attacks. Sharing threat intelligence about this botnet with other organizations and cybersecurity communities can aid in collective defense efforts.
From an expert perspective, botnets targeting RDP are not new, but the scale of this operation is notable. Historically, botnets like TrickBot and Emotet have targeted RDP services. Mitigation strategies include implementing MFA, limiting RDP access to specific IP addresses, and monitoring for unusual activity. As remote work continues to be prevalent, RDP and other remote access tools will remain attractive targets for cybercriminals. Organizations should expect and prepare for more sophisticated attacks on these services.
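Monitoring for unusual activity at this scale needs more than a per-source failure counter, because a campaign spread over many addresses can keep every single source under the threshold. The sketch below is an added example, not code from GreyNoise or the original report: it groups failed RDP logons (Windows Security event 4625) by target account and flags accounts hit from many distinct sources in a short window. The record layout, account names, addresses and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# 4625 failures that arrive over RDP: 10 = RemoteInteractive, 3 = Network (how NLA failures are logged)
RDP_LOGON_TYPES = {3, 10}

def build_sample():
    """Constructed records: (time, event_id, logon_type, account, source_ip)."""
    t0 = datetime(2025, 10, 8, 12, 0)
    rows = [(t0 + timedelta(seconds=40 * i), 4625, 3, "administrator", f"203.0.113.{i + 1}")
            for i in range(8)]                        # 8 sources, one guess each
    rows += [(t0 + timedelta(seconds=5 * i), 4625, 10, "svc_backup", "198.51.100.7")
             for i in range(6)]                       # one noisy source
    rows.append((t0 + timedelta(minutes=3), 4625, 10, "jsmith", "192.0.2.10"))  # a single typo
    rows.append((t0 + timedelta(minutes=4), 4624, 10, "jsmith", "192.0.2.10"))  # success, ignored
    return sorted(rows)

def rdp_failures(rows):
    """Keep only failed logons whose logon type matches RDP."""
    return [r for r in rows if r[1] == 4625 and r[2] in RDP_LOGON_TYPES]

def noisy_sources(rows, limit=5):
    """Classic per-IP threshold: sources with more than `limit` failures."""
    counts = Counter(r[4] for r in rdp_failures(rows))
    return {ip for ip, n in counts.items() if n > limit}

def sprayed_accounts(rows, window=timedelta(minutes=10), min_sources=5):
    """Accounts failing from >= min_sources distinct IPs inside one sliding window.
    Returns {account: largest number of distinct sources seen in a window}."""
    by_account = defaultdict(list)
    for t, _, _, account, ip in rdp_failures(rows):
        by_account[account].append((t, ip))
    flagged = {}
    for account, events in by_account.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            sources = {ip for _, ip in events[start:end + 1]}
            if len(sources) >= min_sources:
                flagged[account] = max(flagged.get(account, 0), len(sources))
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP threshold flags:", noisy_sources(sample))
    print("per-account spread flags:", sprayed_accounts(sample))
```

On the constructed sample the per-IP counter flags only the single noisy address, while the per-account view flags the account that eight different sources each tried once.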
In conclusion, this large-scale botnet targeting RDP services in the US highlights the ongoing threat to remote access protocols. Organizations must take proactive measures to secure their RDP services and remain vigilant against potential attacks.