Hackers Leveraging RMM Tools To Maintain Persistence To Infiltrate And Move Through Networks

Cybersecurity experts have identified a persistent trend of threat actors exploiting legitimate remote monitoring and management (RMM) software to infiltrate networks, maintain access, and facilitate lateral movement. These legitimate tools, which are typically used by IT administrators for system maintenance and support, provide attackers with powerful capabilities that often evade traditional security measures due to their trusted status within enterprise environments. These tools are widely deployed across organizations for legitimate purposes such as system updates, asset management, software deployment, and endpoint troubleshooting, making malicious usage difficult to detect.

Intel471 analysts identified that attackers frequently gain initial access to RMM software by compromising user credentials through social engineering tactics or by exploiting vulnerabilities in outdated software. The unsuspecting employee was persuaded to install remote access software like AnyDesk, providing attackers with direct system access. In some cases, attackers take proactive steps to preserve illicit access by creating additional accounts within the RMM platform to maintain persistence even if compromised credentials are reset.

Security teams can detect suspicious RMM deployments by identifying executions from abnormal locations in the file system. The query logic focuses on process names containing “AnyDesk.exe” while excluding common legitimate paths such as AppData, Downloads, and Program Files directories. When executed against Sysmon logs, this query can reveal instances where attackers have hidden RMM tools in unusual locations like the Public Music directory.

Intel471 recommends organizations implement strict application control policies and monitor network connections from RMM tools to identify potentially malicious command and control traffic.
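The path-based hunt described above can be sketched in Python as an added example; it is not the Intel471 query or code from the article. It assumes Sysmon process-creation events (Event ID 1) have already been parsed into dictionaries, and the hosts, users and paths in the sample data are constructed.

```python
import ntpath

# Path fragments the article lists as common legitimate locations (lower-cased).
# "\program files" without a trailing backslash also covers "Program Files (x86)".
EXCLUDED_FRAGMENTS = ("\\appdata\\", "\\downloads\\", "\\program files")
TARGET = "anydesk.exe"

# Constructed Sysmon records, reduced to the fields used here.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS-014", "User": "CORP\\jdoe",
     "Image": "C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe"},
    {"EventID": 1, "Computer": "WS-022", "User": "CORP\\asmith",
     "Image": "C:\\Users\\asmith\\Downloads\\AnyDesk.exe"},
    {"EventID": 1, "Computer": "WS-031", "User": "CORP\\bwong",
     "Image": "C:\\Users\\Public\\Music\\AnyDesk.exe"},
    {"EventID": 3, "Computer": "WS-031", "User": "CORP\\bwong",
     "Image": "C:\\Users\\Public\\Music\\AnyDesk.exe"},  # network event, ignored
    {"EventID": 1, "Computer": "WS-040", "User": "CORP\\svc_it",
     "Image": "C:\\ProgramData\\tools\\anydesk.EXE"},
    {"EventID": 1, "Computer": "WS-040", "User": "CORP\\svc_it",
     "Image": "C:\\Windows\\System32\\cmd.exe"},
]


def is_suspicious(event):
    """True for a process-creation event whose image name contains AnyDesk.exe
    and whose full path is outside the excluded locations."""
    if event.get("EventID") != 1:
        return False
    image = event.get("Image", "").lower()  # Windows paths are case-insensitive
    if TARGET not in ntpath.basename(image):
        return False
    return not any(fragment in image for fragment in EXCLUDED_FRAGMENTS)


def hunt(events):
    """Return (host, user, directory) for each unexpected AnyDesk launch."""
    return [(e["Computer"], e["User"], ntpath.dirname(e["Image"]))
            for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for host, user, directory in hunt(SAMPLE_EVENTS):
        print(f"{host}\t{user}\t{directory}")
```

The exclusions only reduce noise; tune them against the directories your own deployment tooling actually installs AnyDesk into.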

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Mar 2025 16:35:35 +0000

