This massive leak is offering the researchers, for the first time, a glimpse into the bustling cybercrime economy, meanwhile putting into a new perspective the ways in which they can use the data to tie up loose ends on previous cyberattacks.

Why is RDP so important?

Remote Desktop Protocol (RDP) is meant to be a secure, interoperable protocol that enables network terminals, having the job to create and establish secure connections between the clients and servers or virtual machines.
With RDP working across different Windows operating systems and devices, it’s the most sought-after listing by cybercriminals.
The criminals can obtain access to an entire corporate network with the attack starting from perfectly legitimate login credentials, in this way the attackers can remotely control a computer, and the system will not recognize the nefarious activity taking place, therefore no security measure will be used, allowing the criminals to have full and uninterrupted access.

UAS, and its implication in the RDP credentials fraud.

UAS, also known as ‘Ultimate Anonymity Services,’ is a marketplace that sells Windows Remote Desktop login credentials, stolen Social Security Numbers, as well as access to SOCKS proxy servers.
UAS stands out by being such a large marketplace, and by offering manual verification of sold RDP account credentials, customer support, and tips regarding ways in which you can maintain remote access to a compromised computer.

The market functions partially like eBay – a variety of Suppliers work with the market. They have a separate place to log in and upload the RDPs they hacked. The system will then verify them, collect information about all (os, admin access, internet speed, CPU, memory, etc), which is added to the listing.
The supplier interface provides real-time stats for the suppliers (what sold, what didn’t, what was sold but a refund was asked for, etc).
They also provide support if for a few reasons what you purchased doesn’t work. They do take customer support seriously.


When purchasing stolen RDP accounts, threat actors can seek compromised devices in a particular country, state, city, zip code, ISP, or OS, allowing them to seek out the particular server they need.
Potential buyers can dig down deeper on each server to visualize the amount of Windows accounts, the web connection speed, the server’s hardware, and more, as shown below.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Threat Prevention - Network

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

From the data gathered by researchers at this time UAS is selling a massive 23,706 RDP credentials, even with the filtering of servers being considered.

A Year-long Exponential Rise in RDP Credential Fraud

Security Alert: A critical vulnerability in Microsoft RDP could lead to another WannaCry-magnitude attack

Leave a Reply

Your email address will not be published. Required fields are marked *