"US Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software"

At least two US federal agencies were victims of a malicious cyber campaign involving legitimate Remote Monitoring and Management (RMM) software to carry out a phishing scam. US cybersecurity authorities stated that cybercriminal actors sent phishing emails that led to the download of legitimate RMM software, such as ScreenConnect and AnyDesk, which was then used in a refund scam to steal money from victims' bank accounts. The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint advisory pertaining to the widespread campaign. The attacks, which occurred between mid-June and mid-September 2022, were financially motivated. However, threat actors could use the access for various activities, including selling it to other hacker groups. The use of remote software by hackers has long been a cause for concern, since it provides an effective approach to gaining local user access on a host without elevating privileges or gaining a foothold through other ways. This article continues to discuss the campaign involving legitimate RMM software. 

THN reports "US Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software"