Although this campaign appears financially motivated, the authoring organizations assess it could lead to additional types of malicious activity. For example, the actors could sell victim account access to other cyber criminal or advanced persistent threat (APT) actors. This campaign highlights the threat of malicious cyber activity associated with legitimate RMM software: after gaining access to the target network via phishing or other techniques, malicious cyber actors—from cybercriminals to nation-state sponsored APTs—are known to use legitimate RMM software as a backdoor for persistence and/or command and control (C2).
In December 2017, Symantec published a report titled "Protecting Against Malicious Use of Remote Monitoring and Management Software," which details the threat landscape associated with legitimate RMM software. This campaign is one of the first indicators of that threat landscape, which the Symantec report described in covering a campaign targeting organizations in industries that are highly susceptible to remote access tools (RATs).
Source: Protecting Against Malicious Use of Remote Monitoring and Management Software - AlienVault - Open Threat Exchange