Monthly Archives: August 2020


Hackers From Iran Are Spreading Dharma Ransomware Via RDP Ports

A group of hackers from Iran are targeting worldwide companies that use public-facing Remote Desktop Protocol (RDP) and infecting them with the Dharma Ransomeware.

The attackers would lunch their campaign by first scaning ranges of IPs for hosts that contained these vulnerable RDP ports like 3389 which is the default RDP port, afterwards attempt weak credentials. They have been using a scanning software called Masscan.

Once vulnerable hosts were identified, the attackers deployed a well-known RDP brute force application called NLBrute, which has been sold on the dark web forums. Using this tool, they are able to brute-force their way into the system, and then check the validity of obtained credentials on other accessible hosts in the network.

Attackers also attempted to elevate privileges using an exploit for an elevation privilege flaw. This medium-severity flaw (CVE-2017-0213), which affects Windows systems, can be exploited when an attacker runs a … Read the rest

Stay Informed

Receive instant notifications when new content is released.