- Campaign targeted more than 900 companies with sophisticated phishing lures
- The goal was to deploy a remote monitoring and management tool
- Hackers are shifting goals and priorities and businesses must adapt
More than 900 organizations have been targeted by a highly convincing phishing attack which sought to deploy a legitimate remote monitoring and management (RMM) solution and gain access to target endpoints without raising any alarms.
A new report from security researchers at Abnormal claimed criminals would use compromised email accounts and conversation threads, AI-generated phishing pages, and would abuse legitimate file-sharing video conferencing platforms to spoof Zoom and Microsoft Teams with authentic-looking emails.
The goal was to get the victims to install ConnectWise ScreenConnect, a legitimate IT tool repurposed for full remote access. Instead of stealing passwords, attackers lure victims into giving them administrator-level control over corporate systems. Once inside, they launch account takeovers, lateral phishing campaigns, and data theft while blending in with normal IT activity.
Targeting education and religious groups
Among the 900 companies attacked so far, the researchers found the majority were in education and religious groups (14.4%), healthcare and pharma (9.7%), and financial services (9.4%), with other industries like insurance, legal, retail, manufacturing, and tech, also being heavily targeted. Most victims are in the US, UK, Canada, and Australia.
The attacks are powered by a dark web marketplace that sells ScreenConnect “attack kits” for a few thousand dollars, along with network access resold for $500–$2,000.
Some vendors even offer $6,000 custom packages with training and support, effectively turning ScreenConnect abuse into a RAT-as-a-Service business model.
This campaign highlights a dangerous shift, Abnormal believes. Instead of breaking into systems, threat actors are now weaponizing trusted workplace tools to sidestep defenses.
That is why businesses should adopt AI-powered email security, endpoint monitoring, zero-trust, and better staff awareness training, to counter these increasingly sophisticated threats.
You might also like
https://cdn.mos.cms.futurecdn.net/BWBeAxrLrBFHHdNreUhfgW.jpg
Source link
