WHO ARE WE?
Advanced Intelligence is an elite threat prevention firm. Our expert team provides our customers with tailored support and access to the proprietary industry-leading “Andariel” Platform to achieve unmatched visibility into botnet breaches, underground and dark web economy, and mitigate any existing or emerging threats.
AdvIntel obtained complete visibility into UAS - a prolific cybercriminal marketplace specializing in hacked RDP access. The dataset contains 1.3 million compromised RDP servers and associated credentials. The marketplace is tied to a number of high-profile breaches and ransomware cases across the globe. A number of ransomware groups are known to purchase initial access on UAS. This treasure trove of adversary-space data provides a lens into the cybercrime ecosystem, and confirms that low-hanging fruit, such as poor passwords and internet-exposed RDP, remains one of the leading causes of breaches.
AM I IN THERE?
While we have notified a number of corporations and government agencies across the world, the sheer size of the dataset precludes comprehensive notification to all victims.
You can submit an email request and, after manual verification, we will be happy to search for you and your organization based on any reverse DNS, IP addresses, domains, or unique network attributes, and reply by email to the contact address you provide.
Because of the sensitivity of the data, contact information is vetted to prevent misuse, and searches are run only for affected organizations.
HOW DO I PROTECT MYSELF?
1. Shadowserver's free service will alert you if you have RDP assets exposed to the internet
2. Ensure your RDP servers are configured correctly:
a. Enable NLA
b. Use 2FA for RDP if possible
c. Ensure only complex passwords are used
d. Ensure your environment is free from well-known administrative accounts with well-known passwords
e. Ensure RDP servers only accept connections from trusted sources
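
The NLA, well-known account and trusted-source items in the checklist above can be checked on a Windows host with the read-only PowerShell audit below. It is an added example, not AdvIntel's code; it assumes RDP listens on the default TCP port 3389, and `$TrustedSources` and `$CommonNames` are constructed placeholder values.

```powershell
# Added example: read-only audit; run in an elevated PowerShell session on the RDP host.
# Constructed placeholder values, replace with your own:
$TrustedSources = @('10.0.0.0/24', '192.0.2.10')              # management ranges allowed to reach RDP
$CommonNames    = @('administrator', 'admin', 'test', 'user') # commonly guessed account names

function Test-RdpNla {
    # UserAuthentication = 1 on the RDP-Tcp listener means NLA is required.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $p = Get-ItemProperty -Path $key -Name UserAuthentication -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.UserAuthentication -eq 1)
}

function Get-WellKnownLocalAccount {
    param([string[]]$Names)
    # Enabled local accounts that are the built-in Administrator (RID 500)
    # or that carry a commonly guessed name (comparison is case-insensitive).
    Get-LocalUser | Where-Object {
        $_.Enabled -and ($_.SID.Value -like 'S-1-5-21-*-500' -or $_.Name -in $Names)
    } | Select-Object Name, SID, LastLogon
}

function Get-RdpRuleOutsideTrust {
    param([string[]]$Trusted)
    # Enabled inbound allow rules for TCP 3389 whose remote scope contains
    # anything not in $Trusted. This is a plain string comparison, so 'Any'
    # and ranges written in another notation are flagged for manual review.
    Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '3389' } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            $remote = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress)
            if (@($remote | Where-Object { $_ -notin $Trusted }).Count -gt 0) {
                [pscustomobject]@{ Rule = $_.DisplayName; Profile = $_.Profile; RemoteAddress = $remote -join ',' }
            }
        }
}

# Summary: NLA should be True and both lists should be empty.
[pscustomobject]@{
    NlaRequired       = Test-RdpNla
    WellKnownAccounts = @(Get-WellKnownLocalAccount -Names $CommonNames)
    RulesOutsideTrust = @(Get-RdpRuleOutsideTrust -Trusted $TrustedSources)
} | Format-List
```

The script changes nothing on the host. Password complexity and 2FA are not visible from these settings and have to be verified separately.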