2019 GoldBrute Distribution In Zambia

The 2019 GoldBrute distribution has apparently not yet affected the Zambian ICT platform, but system admins are urged to stay alert for the greatest threat to Windows RDP.

In the past few days, a botnet called GoldBrute has appeared and has made more than 1 million brute-force attempts against Windows RDP systems. Its distribution is worldwide, including a reported presence in Africa in the Republic of Congo, Madagascar, and South Africa.

BlueKeep Windows RDP Threat

Barely a month ago, Microsoft discovered a Windows vulnerability, BlueKeep, that a botnet could exploit through Windows Remote Desktop (RDP). On 14th May, Microsoft immediately released a patch for legacy operating systems, encouraging admins to patch or, as a mitigation, to disable the RDP port completely.

This was an extremely rare patch, because Microsoft had already stopped supporting some of the legacy systems involved, such as Windows Server 2003 and Windows XP, and was nonetheless forced to issue an update.

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.

Researchers demonstrated how a hacker could penetrate a system in less than a minute using the BlueKeep RDP vulnerability. This vulnerability is pre-authentication, meaning the attacker could easily get into the system and interact as a user without using a password.

The NSA joined Microsoft and other researchers in calling on admins to patch Windows systems or close the RDP port entirely. Microsoft urged system admins to patch even if they planned to do away with RDP. The fear was that this could turn into another WannaCry disaster.

All server admins have been called on to patch their systems to thwart this dangerous activity. The affected legacy operating systems are Windows 2007, Server 2008, XP, and 2003.

Download The Patch From Microsoft

GoldBrute Is Distributed In These Countries

Figure: GoldBrute distribution around the world as at 6th June.

But this week has seen the emergence of GoldBrute. According to Threatpost, the 2019 GoldBrute distribution already affects 10 African countries, including the neighboring Democratic Republic of Congo, South Africa, and Madagascar.

Other African countries affected by GoldBrute are Morocco, Mali, Sierra Leone, Nigeria, Chad, Ethiopia, and Egypt.

In total, GoldBrute has infected computers in more than 47 countries worldwide, and the count is still rising. China is the hardest hit, with more than 190,000 computers.

GoldBrute is controlled by an IP address in the range 104.156.249.0 – 104.156.249.255, located in New Jersey, USA.
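
A defender's check built on the two indicators above, as an added example that is not from the original article or from Threatpost: it flags internal hosts that connect into the controller range and RDP hosts receiving repeated failed logons. The log format, the `RDP_FAIL`/`RDP_OK`/`CONN` event names, the threshold and all sample addresses and ports are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Range the article gives for the GoldBrute controller (104.156.249.0 - 104.156.249.255).
C2_RANGE = ipaddress.ip_network("104.156.249.0/24")
RDP_PORT = 3389      # default RDP listener port
MIN_FAILURES = 4     # assumed alert threshold; tune for your environment

# Constructed sample records in a hypothetical format: timestamp kind src dst dport
SAMPLE_LOG = """\
2019-06-07T10:00:01 RDP_FAIL 198.51.100.10 10.0.0.5 3389
2019-06-07T10:00:03 RDP_FAIL 198.51.100.22 10.0.0.5 3389
2019-06-07T10:00:04 RDP_FAIL 203.0.113.9 10.0.0.5 3389
2019-06-07T10:00:09 RDP_FAIL 203.0.113.77 10.0.0.5 3389
2019-06-07T10:01:00 RDP_OK 10.0.0.20 10.0.0.6 3389
2019-06-07T10:02:00 RDP_FAIL 10.0.0.21 10.0.0.6 3389
2019-06-07T10:03:00 CONN 10.0.0.8 104.156.249.17 443
2019-06-07T10:03:05 CONN 10.0.0.9 192.0.2.50 443
truncated record 10.0.0.9
"""

def analyse(log_text, min_failures=MIN_FAILURES):
    """Return (internal hosts that contacted C2_RANGE, RDP targets under brute force)."""
    c2_contacts = set()
    failures = defaultdict(list)   # RDP target -> source address of each failed logon
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue               # skip malformed or truncated records
        _ts, kind, src, dst, dport = fields
        try:
            dst_ip, port = ipaddress.ip_address(dst), int(dport)
        except ValueError:
            continue               # unparseable address or port
        if dst_ip in C2_RANGE:
            c2_contacts.add(src)   # possible bot checking in with its controller
        if kind == "RDP_FAIL" and port == RDP_PORT:
            failures[dst].append(src)
    # A botnet can spread attempts over many sources, so count per target, not per source.
    targets = {dst: {"failures": len(srcs), "distinct_sources": len(set(srcs))}
               for dst, srcs in failures.items() if len(srcs) >= min_failures}
    return sorted(c2_contacts), targets

if __name__ == "__main__":
    contacts, targets = analyse(SAMPLE_LOG)
    print("Hosts that contacted the controller range:", contacts)
    for dst, stats in targets.items():
        print(f"Brute-force pattern against RDP host {dst}: {stats}")
```

A host listed in the first result warrants isolation and investigation; a host in the second should have RDP patched and its exposure to the internet reviewed.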

GoldBrute poses a greater threat to Windows than BlueKeep and, if not properly handled, may result in a devastating botnet. According to the folks at Threatpost, the stern warning is about GoldBrute rather than BlueKeep:

A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days — and counting.

While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now.