A new variant of the Linux botnet WatchBog adds a BlueKeep vulnerability scanner module to prepare a list of vulnerable Windows RDP servers. The hackers behind WatchBog are familiar with exploiting known vulnerabilities.
BlueKeep is a Windows-based vulnerability that allows an attacker to access a vulnerable machine without authentication. The vulnerability is tracked as CVE-2019-0708; until now, no attack has been spotted exploiting it.
Intezer observed that the new campaign, active before June 5, incorporates various recently published exploits and went undetected by security vendors.