RDP, RDWEB, Citrix Access to Multiple Educational Institutions for Sale

Published 24 May 2021


  • CloudSEK discovered a post advertising RDP, RDWEB, and Citrix access to multiple educational institutions

Category: Adversary Intelligence
Affected Industries: Multiple Organizations
Data Type: Access
Affected Region: Global

Executive Summary

CloudSEK’s flagship digital risk monitoring platform, XVigil, discovered a post on a cyber crime forum advertising RDP, RDWEB, and Citrix access to multiple educational institutions. The CloudSEK Threat Intelligence Research team is in the process of validating the post.

Threat actor’s post on the cyber crime forum

Sources confirmed the names of affected organizations. 

Name of Affected Companies | URL
Adilus | https://www.adilus.com/
Grand State Valley University | https://www.gvsu.edu/
Wyższa Szkoła Biznesu – National Louis University | https://www.wsb-nlu.edu.pl/
Washington University in St. Louis | https://wustl.edu/

Potential Impact

  1. Gaining RDP access can potentially provide the threat actor a foothold into the entire network.
  2. Initial compromise can lead to data exfiltration.

Mitigation Measures

  1. Use strong passwords.
  2. Limit admin access rights for users. Check user privileges.
  3. Admin and other sensitive login pages should not be publicly accessible.
  4. Keep your software updated.
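
One way to check measures 2 and 3 against your own logs is to look for successful RDP logons that arrive from outside the networks you expect. The script below is an added example, not CloudSEK's code; the CSV layout, the internal network list and the admin account names are assumptions, and the sample events are constructed.

```python
import csv, io, ipaddress

# Assumption: networks RDP logons are expected from (internal ranges, loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]
# Assumption: account names treated as privileged in this environment.
ADMIN_ACCOUNTS = {"administrator", "svc-backup"}

# Constructed sample export of Windows Security events
# (4624 = successful logon, 4625 = failed logon; LogonType 10 = RemoteInteractive/RDP).
SAMPLE_EXPORT = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2021-05-20T02:11:09Z,4624,10,Administrator,203.0.113.45
2021-05-20T08:30:00Z,4624,10,jdoe,10.20.30.40
2021-05-20T09:02:17Z,4624,3,jdoe,198.51.100.9
2021-05-21T03:40:51Z,4624,10,Administrator,198.51.100.9
2021-05-21T03:44:02Z,4624,10,student01,203.0.113.45
2021-05-21T07:00:00Z,4624,2,jdoe,-
2021-05-21T07:05:00Z,4625,10,Administrator,203.0.113.45
"""

def is_external(addr):
    """True if addr parses as an IP outside every INTERNAL_NETS entry."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # "-" or empty: no network source recorded
    return not any(ip in net for net in INTERNAL_NETS)

def external_rdp_logons(export_text):
    """Summarise successful RDP logons from external sources, per account."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["EventID"] != "4624" or row["LogonType"] != "10":
            continue  # keep only successful RemoteInteractive logons
        if not is_external(row["IpAddress"]):
            continue
        user = row["TargetUserName"].lower()
        entry = findings.setdefault(
            user, {"count": 0, "sources": set(), "admin": user in ADMIN_ACCOUNTS})
        entry["count"] += 1
        entry["sources"].add(row["IpAddress"].strip())
    return findings

if __name__ == "__main__":
    for user, f in sorted(external_rdp_logons(SAMPLE_EXPORT).items()):
        tag = "ADMIN" if f["admin"] else "user"
        print(f"{user} [{tag}]: {f['count']} logon(s) from {sorted(f['sources'])}")
```

Any account this reports, and any privileged account in particular, indicates that an RDP endpoint is reachable from outside the expected networks.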
