RDP, RDWEB, Citrix Access to Multiple Educational Institutions for Sale

###### Category: Adversary Intelligence
###### Affected Industries: Multiple Organizations
###### Data Type: Access
###### Affected Region: Global

Executive Summary

CloudSEK’s flagship digital risk monitoring platform, XVigil, discovered a post on a cyber crime forum advertising RDP, RDWEB, and Citrix access to multiple educational institutions. The CloudSEK Threat Intelligence Research team is in the process of validating the post.

Threat actor’s post on the cyber crime forum

Sources confirmed the names of affected organizations.

| Name of Affected Companies | URL |
|---|---|
| Adilus | https://www.adilus.com/ |
| Grand State Valley University | https://www.gvsu.edu/ |
| Wyższa Szkoła Biznesu – National Louis University | https://www.wsb-nlu.edu.pl/ |
| Washington University in St. Louis | https://wustl.edu/ |

Potential Impact

  1. Gaining RDP access can potentially provide the threat actor with a foothold into the entire network.
  2. Initial compromise can lead to data exfiltration.

Mitigation Measures

  1. Use strong passwords.
  2. Limit admin access rights for users. Check user privileges.
  3. Admin and other sensitive login pages should not be publicly accessible.
  4. Keep your software updated.
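
As an added example (not part of the CloudSEK advisory), the following check runs over exported Windows Security events and reports successful RDP logons that arrive from outside expected networks, noting whether an admin account was used and whether failed attempts preceded the logon. The trusted ranges, admin account names, record layout and sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions: ranges RDP logons are expected from, and privileged account names.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]
ADMIN_ACCOUNTS = {"administrator", "svc-backup"}
REMOTE_INTERACTIVE = 10  # LogonType recorded for RDP sessions in event 4624

# Constructed sample, oldest first (4624 = logon success, 4625 = logon failure).
# External sources use documentation address ranges.
EVENTS = [
    {"id": 4624, "type": 10, "user": "jdoe", "ip": "10.1.4.22", "host": "TS01"},
    {"id": 4625, "type": 3, "user": "administrator", "ip": "203.0.113.7", "host": "TS01"},
    {"id": 4625, "type": 3, "user": "administrator", "ip": "203.0.113.7", "host": "TS01"},
    {"id": 4625, "type": 3, "user": "administrator", "ip": "203.0.113.7", "host": "TS01"},
    {"id": 4624, "type": 10, "user": "Administrator", "ip": "203.0.113.7", "host": "TS01"},
    {"id": 4624, "type": 10, "user": "student1", "ip": "198.51.100.23", "host": "LAB-RDS"},
    {"id": 4624, "type": 2, "user": "jdoe", "ip": "-", "host": "TS01"},
]

def is_trusted(ip):
    """True for sources inside TRUSTED_NETS or with no network address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # "-" on console and service logons
        return True
    return any(addr in net for net in TRUSTED_NETS)

def find_external_rdp_logons(events):
    """Return successful RDP logons from untrusted sources, with context."""
    failures = defaultdict(int)  # failed logons seen so far, per source IP
    findings = []
    for ev in events:
        if is_trusted(ev["ip"]):
            continue
        if ev["id"] == 4625:
            failures[ev["ip"]] += 1
        elif ev["id"] == 4624 and ev["type"] == REMOTE_INTERACTIVE:
            prior = failures[ev["ip"]]
            admin = ev["user"].lower() in ADMIN_ACCOUNTS
            findings.append({"host": ev["host"], "user": ev["user"], "ip": ev["ip"],
                             "prior_failures": prior, "admin": admin,
                             "severity": "high" if admin or prior >= 3 else "medium"})
    return findings

if __name__ == "__main__":
    for f in find_external_rdp_logons(EVENTS):
        print(f)
```

Any finding means an RDP endpoint is reachable from outside the trusted ranges, which is the exposure mitigation 3 addresses; a high-severity finding also points at mitigations 1 and 2.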