This warning comes after CISA discovered malicious activity on two federal civilian executive branch networks.
Yesterday, the Cybersecurity and Infrastructure Security Agency ( CISA ), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published a joint cybersecurity advisory warning network defenders about phishing attacks that leverage remote monitoring and management (RMM) software. This advisory comes after CISA discovered malicious RMM activity on two federal civilian executive branch (FCEB) networks and identified this activity as part of a larger refund scam campaign RMM software, similar to remote desktop software, provides users with a set of tools to remotely access and manage computer systems. Unfortunately, as we reported recently , threat actors have taken to using this legitimate software in place of malware to access victims’ devices. Since RMM software is also used by those providing authentic IT support, it can be difficult for users to distinguish between legitimate and malicious uses of this software, particularly when threat actors pose as IT support technicians.
