Brute-Force Login Reveals Ransomware Infrastructure Network
🔎 The Huntress Tactical Response Team describes how a seemingly routine RDP brute-force alert exposed a larger ransomware-as-a-service ecosystem. Investigators found one successful login used from multiple geographically distributed IPs, domain enumeration activity, and unusual manual searches for credential files rather than typical credential dumping tools. Further pivots on TLS certificates and domains tied the activity to a privacy-focused VPN service and related infrastructure, and the report provides specific IOCs for defenders.
