Protecting Remote Access to Your Computer: RDP Attacks and Server Credentials for Sale | Duo Security: After these attacks, hackers will sell credentials in a now-defunct xDedic marketplace that offered as many as 250,000 RDP server credentials for sale that gives a buyer access to all of the data on the server and the possibility to launch future attacks using the server, according to Kaspersky Lab. Features of the compromised servers were listed in the marketplace, including RDP configuration, memory, software, browsing history and more.
https://securelist.com/blog/research/75120/the-tip-of-the-iceberg-an-unexpected-turn-in-the-xdedic-story/