Logins for 1.3 million Windows Remote Desktop Servers Leaked by UAS

UAS, the biggest hacker platform for hacked RDP credentials, has leaked the login names and passwords for 1.3 million new and previously infected Windows Remote Desktop servers. Researchers get an insight into a bustling cybercrime economy for the first time thanks to this huge leak of stolen remote access credentials, and they can use the evidence to tie up loose ends from past cyberattacks. 

The Remote Desktop Protocol (RDP) is a stable, interoperable protocol that allows network terminals to build and maintain secure connections between clients and servers or virtual machines. RDP is the most sought-after listing by cybercriminals because it works through many Windows operating systems and applications. Criminals will gain access to an entire business network by launching their attack with completely valid login credentials. This allows the offenders to remotely monitor a device because the system will not know the nefarious activities. After all, no authentication measures will be used, enabling the criminals to have complete and unrestricted access. 

UAS, or ‘Ultimate Anonymity Services,’ is a website that offers Windows Remote Desktop login credentials, leaked Social Security numbers, and SOCKS proxy server access. UAS stands out as a wide marketplace that also provides manual authentication of sold RDP account credentials, customer service, and advice about how to keep remote access to a compromised device. 

“The market functions partially like eBay – a number of Suppliers work with the market. They have a separate place to log in and upload the RDPs they hacked. The system will then verify them, collect information about each one (os, admin access? internet speed, CPU, memory etc etc), which is added to the listing. The supplier interface provides real time stats for the suppliers (what sold, what didn’t, what was sold but a refund was asked for, etc). They also provide support if for some reason what you bought doesn’t work. They do take customer support seriously,” a security researcher who wishes to remain anonymous told. 

Threat actors can scan for compromised computers in a specific country, state, area, zip code, ISP, or operating system while buying stolen RDP accounts, helping them to locate the specific server they need.