U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software
2023-01-26 04:27

At least two federal agencies in the U.S. fell victim to a "widespread cyber campaign" that involved the use of legitimate remote monitoring and management (RMM) software to perpetrate a phishing scam.

"Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software - ScreenConnect and AnyDesk - which the actors used in a refund scam to steal money from victim bank accounts," U.S. cybersecurity authorities said.

The emails, CISA said, are part of help desk-themed social engineering attacks targeting federal employees that the threat actors have orchestrated since at least June 2022.

Irrespective of the approach used, the malicious domain triggers the download of a binary that then connects to a second-stage domain to retrieve the RMM software in the form of portable executables.

The end goal is to leverage the RMM software to initiate a refund scam.

"This campaign highlights the threat of malicious cyber activity associated with legitimate RMM software: after gaining access to the target network via phishing or other techniques, malicious cyber actors - from cybercriminals to nation-state sponsored APTs - are known to use legitimate RMM software as a backdoor for persistence and/or command and control," the agencies warned.
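Because the RMM tools in this campaign arrive as portable executables rather than installed software, one detection angle is to flag ScreenConnect or AnyDesk binaries that start from outside managed install directories. The sketch below is an added example, not code from CISA or the article; the event format, the sample records and the list of managed directories are assumptions.

```python
import ntpath

# RMM products named in the advisory quoted above, matched against the file name.
RMM_NAME_HINTS = ("screenconnect", "anydesk")

# Assumption: directories where IT-installed software normally lives.
MANAGED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed process-creation records for illustration (not from the advisory).
SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "jdoe",
     "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe"},
    {"host": "WS-014", "user": "jdoe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "WS-022", "user": "asmith",
     "image": r"C:\Users\asmith\AppData\Local\Temp\ScreenConnect.ClientService.exe"},
    {"host": "IT-003", "user": "svc_helpdesk",
     "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"},
]


def is_rmm_binary(image):
    """True if the executable's file name looks like one of the named RMM tools."""
    name = ntpath.basename(image).lower()
    return any(hint in name for hint in RMM_NAME_HINTS)


def classify(event):
    """Return None for non-RMM processes, else 'installed' or 'portable'."""
    image = event["image"]
    if not is_rmm_binary(image):
        return None
    in_managed_root = image.lower().startswith(MANAGED_ROOTS)
    return "installed" if in_managed_root else "portable"


def find_portable_rmm(events):
    """RMM executions from user-writable paths, the pattern worth triaging first."""
    return [e for e in events if classify(e) == "portable"]


if __name__ == "__main__":
    for hit in find_portable_rmm(SAMPLE_EVENTS):
        print(f"{hit['host']} {hit['user']} ran portable RMM: {hit['image']}")
```

A file-name match is only a triage signal, since a renamed binary evades it; pairing it with signer or hash data from the endpoint agent tightens the check.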


News URL

https://thehackernews.com/2023/01/us-federal-agencies-fall-victim-to.html