Gbhackers
Russian Hackers Use CTRL Toolkit for RDP Hijacking via FRP Tunnels
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Russian hackers have deployed a new remote access toolkit named 'CTRL' to hijack Remote Desktop Protocol (RDP) sessions. This toolkit utilizes FRP-based reverse tunnels to gain stealthy access to compromised Windows systems. The CTRL toolkit integrates methods for credential theft, keylogging, and RDP exploitation into a unified post-exploitation framework. Currently, it remains undetected by many public malware scanners, posing a significant risk to organizations using RDP. The attack primarily targets Windows systems, which are vulnerable to this new method of exploitation. The toolkit's silent operation allows attackers to maintain hands-on access without raising alarms. Organizations relying on RDP should be particularly vigilant against this emerging threat. The situation is ongoing, with no reported mitigation strategies available yet.
Key Points: • Russian hackers are using a new toolkit called 'CTRL' for RDP hijacking. • The toolkit employs FRP-based reverse tunnels for stealthy access to Windows systems. • Current malware scanners are unable to detect the CTRL toolkit, increasing its threat level.