From gbhackers.com
Hackers abuse legitimate RDP service to use fileless attack techniques for dropping multi-purpose off-the-shelf tools for device fingerprinting and to deploy malicious payloads ranging from ransomware to cryptocurrency miners.
The Remote Desktop is the built-in feature with most of the Windows installation and it has built-in file-sharing functionality that is used by the attackers as an infection vector.