IT service providers use RMM applications to remotely manage their clients’ networks and endpoints, but threat actors are abusing these tools to gain unauthorized access to victim environments and perform nefarious activities.
In malicious campaigns observed in 2022, threat actors sent phishing emails to deploy legitimate RMM software such as ConnectWise Control (previously ScreenConnect) and AnyDesk on victims’ systems, and abuse these for financial gain.