Originally Posted by
Antarius
RDP on servers running EOL Operating Systems open to the public internet is not indicative of state actor sophistication.
it reeks of weapons grade incompetence.
One does not exclude the other. I do agree that AX would have noticed a disproportional increase in fraud on the SPG cards and for an exploit that is 4 years old, there is no point in saving PCI for later use - most early cards would be expired by now. Of course, if it took longer to get the keys - maybe access to PCI is more recent.
Anyhow - how did you come up with RDP on old windows systems? I haven't seen that - did I miss anything?