A Look at NLBrute, the RDP Attack Tool
NLBrute is a malicious tool used by threat actors to gain access to RDP instances by brute-forcing or password spraying. It was first released in 2016 by a threat actor called dpxaker and is still used today by ransomware groups. Organizations can reduce the risk of RDP exploitation by not exposing clients directly to the internet and using strong passwords with multifactor authentication (MFA). Malware: NLBrute CVEs: CVE-2019-0708, CVE-2019-1181, CVE-2019-1182 [View Article](https://intel471.com/blog/a-look-at-nlbrute-the-rdp-attack-tool)