Russian Hackers Use CTRL Toolkit for RDP Hijacking via FRP Tunnels

Russian Hackers Use CTRL Toolkit for RDP Hijacking via FRP Tunnels

First seen 30 Mar 2026, 22:44 UTC ThehackernewsGbhackersCybersecuritynewsBleepingcomputerItnews.Au+4 83% similarity 69.5

Article Content

Browse articles
ThreatCluster

Russian hackers have deployed a new remote access toolkit named 'CTRL' to hijack Remote Desktop Protocol (RDP) sessions. This toolkit utilizes FRP-based reverse tunnels to gain stealthy access to compromised Windows systems. The CTRL toolkit integrates methods for credential theft, keylogging, and RDP exploitation into a unified post-exploitation framework. Currently, it remains undetected by many public malware scanners, posing a significant risk to organizations using RDP. The attack primarily targets Windows systems, which are vulnerable to this new method of exploitation. The toolkit's silent operation allows attackers to maintain hands-on access without raising alarms. Organizations relying on RDP should be particularly vigilant against this emerging threat. The situation is ongoing, with no reported mitigation strategies available yet.

Key Points: • Russian hackers are using a new toolkit called 'CTRL' for RDP hijacking. • The toolkit employs FRP-based reverse tunnels for stealthy access to Windows systems. • Current malware scanners are unable to detect the CTRL toolkit, increasing its threat level.

ThreatCluster AI

Timeline

2026-03-30
Gbhackers and Thehackernews report on CTRL toolkit deployment.

Community

Browse all →