100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure
ATT&CK techniques detected
T1584.005Botnet
76%
“targeting beginning this week is attributable to a multi - country botnet. discovery timeline spike in brazil - geolocated ips the botnet was discovered after greynoise detected an unusual spike in brazilian ip space this week, which prompted investigation into broader traffic pa…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1584.005Botnet
72%
“100, 000 + ip botnet launches coordinated rdp attack wave against us infrastructure update : 15 october 2025 greynoise is sharing an executive situation report ( sitrep ) for this event, providing leadership with actionable judgments and evidence to support decision making. updat…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Since October 8, 2025, GreyNoise has tracked a coordinated botnet operation involving over 100,000 unique IP addresses from more than 100 countries targeting Remote Desktop Protocol (RDP) services in the United States.