The malware, which has been used in an espionage attack since 2022, includes a capability that specifically targets the client drive mapping feature within Remote Desktop Protocol.
Recent ESET research shows a staggering increase in the number of attacks against Remote Desktop Protocol in 2020, a clear sign of how effective the method is for breaching networks and compromising machines.
Microsoft's February security update fixes the vulnerability that can result in reverse RDP attacks in the built-in Windows RDP client, but third-party RDP clients are still vulnerable, Check Point said.
The shift to remote work has caused a spike in the number of RDP servers exposed to the Internet, along with an increase in the number of scans for those servers.
Microsoft looked at Windows event logs to understand what RDP brute-force attacks look like in the enterprise, and found that attackers frequently space out the login attempts over several days to avoid detection.