New Spam Campaign Abuses Remote Monitoring Tools to Attack Organizations

A sophisticated spam campaign targeting Brazilian organizations has emerged, exploiting legitimate Remote Monitoring and Management (RMM) tools to gain unauthorized access to corporate networks. The campaign primarily targets Brazil now, but security researchers warn that similar tactics could easily be adapted for other regions, representing an evolving threat that leverages legitimate tools to bypass standard security measures. When examining the network traffic generated by these RMM tools, investigators discovered communications disguised as regular business traffic, using HTTPS connections to legitimate domains such as “upload1.am.remote.management” that belong to the RMM provider’s infrastructure. Analysis of the attack patterns strongly suggests the operation is run by initial access brokers (IABs) – criminal entities specializing in network compromise who subsequently sell that access to other threat actors, including ransomware operators and advanced persistent threat groups. Once installed, these tools grant complete access to the victim machine, including remote desktop capabilities, command execution, screen monitoring, keystroke logging, and unrestricted file system access. Cisco Talos researchers identified that the threat actors are abusing commercial remote monitoring applications including PDQ Connect and N-able Remote Access (formerly associated with SolarWinds). Discovered in early 2025, this attack campaign specifically targets Portuguese-speaking users through deceptive emails that trick victims into installing commercial RMM software, effectively granting attackers complete control over compromised systems. These applications provide comprehensive remote control capabilities that, while intended for legitimate IT management, become powerful backdoors when deployed by malicious actors. The attackers leverage Brazil’s electronic invoice system (NF-e) as a social engineering lure, crafting convincing spam messages that appear to originate from financial institutions or telecommunications providers regarding overdue payments or electronic receipts. These malicious communications contain hyperlinks directing victims to Dropbox-hosted files containing installer binaries for legitimate RMM tools. The malicious aspects of this campaign are particularly effective because the deployed software is digitally signed by recognized vendors, helping it bypass standard security controls. Educational and government institutions have also appeared on the target list, indicating a methodical victim selection process designed to maximize potential financial gain or data access. Upon clicking these links, victims download what appears to be invoice-related software but actually installs legitimate RMM tools configured with attacker-controlled parameters. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Evidence indicates the attackers are exploiting the 15-day free trial periods of these RMM solutions, creating multiple trial accounts using disposable email addresses to maintain operational continuity. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. This complicates detection since the traffic appears legitimate and connects to authorized business services rather than known malicious infrastructure. Cisco Talos analysts noted that this approach provides attackers with a fully-featured backdoor without requiring custom malware development or costly infrastructure investment.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 08 May 2025 19:40:10 +0000


Cyber News related to New Spam Campaign Abuses Remote Monitoring Tools to Attack Organizations

15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
6 days ago Cybersecuritynews.com
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
1 month ago Cybersecuritynews.com
10 Best Event Monitoring Tools in 2025 - What Could Be Better?Offers alerting and notification options that can be changed based on conditions already set.Offers a lot of ways to keep track of different IT components, services, and applications.Nagios can send out too many alerts and make ...
2 months ago Cybersecuritynews.com
Comprehensive Cloud Monitoring Platforms: Ensuring - Platforms for comprehensive cloud monitoring come into play in this situation. In this article, we will explore the significance of comprehensive cloud monitoring platforms and delve into some leading solutions available in the market today. ...
1 year ago Feeds.dzone.com
New Spam Campaign Abuses Remote Monitoring Tools to Attack Organizations - A sophisticated spam campaign targeting Brazilian organizations has emerged, exploiting legitimate Remote Monitoring and Management (RMM) tools to gain unauthorized access to corporate networks. The campaign primarily targets Brazil now, but security ...
2 hours ago Cybersecuritynews.com
10 Best Systems Management Tools & Software - 2025 - Op5 Monitor is an advanced network monitoring solution designed for IT infrastructure management, ensuring high availability and performance across networks, servers, and applications. What is Good ?What Could Be Better?Most cost-effective, scalable, ...
1 month ago Cybersecuritynews.com
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
2 years ago Csoonline.com
'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks - A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can ...
1 year ago Bleepingcomputer.com
10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
2 months ago Cybersecuritynews.com
Navigating the Security Risks of Multicloud Management - The lack of visibility and control over multiple clouds exacerbates these risks, making it imperative for organizations to adopt robust cloud security practices. These tools enhance visibility across multiple cloud environments by providing a unified ...
7 months ago Darkreading.com
How Healthcare Organizations can use ASPM to Fill CSPM Coverage Gaps and Save Money - In recent years, healthcare organizations have increasingly moved their healthcare information systems applications and infrastructure to the cloud to take advantage of its scalability, flexibility and cost-effectiveness. To mitigate these risks, ...
1 year ago Securityboulevard.com
Flipper Zero can now spam Android, Windows users with Bluetooth alerts - A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices. A security researcher previously demonstrated the technique against Apple iOS devices, inspiring others to ...
1 year ago Bleepingcomputer.com
4 types of cloud security tools organizations need in 2024 - By now, organizations know which on-premises security tools they need, but when it comes to securing the cloud, they don't always understand which cloud security tools to implement. While many traditional on-premises tools and controls work in the ...
1 year ago Techtarget.com
CVE-2008-7092 - Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a ...
7 years ago
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PysOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
1 year ago Darkreading.com
Enhancing your DevSecOps with Wazuh, the open source XDR platform - As DevSecOps practices continue to evolve, Wazuh offers a flexible, open source platform that integrates security throughout the development and operations lifecycle. Implementing automated security scans for your software environment ensures ...
3 weeks ago Bleepingcomputer.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
1 month ago Cybersecuritynews.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com
Comprehensive Guide to Fraud Detection, Management, & Analysis - To mitigate risks, businesses can use risk management strategies, including fraud detection software, company policies, and staff ranging from risk managers and trust officers to fraud analysts. Affiliate Fraud - Affiliates in a marketing arrangement ...
1 year ago Securityboulevard.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Hack Corporate Email Accounts - Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. ...
2 years ago Thehackernews.com
Microsoft fixes machine learning bug flagging Adobe emails as spam - In August 2024, it also mitigated an Exchange Online bug that tagged emails containing images as malicious and sent them to quarantine automatically, while in October 2023, it had to disable a bad anti-spam rule that was flooding Microsoft 365 ...
2 weeks ago Bleepingcomputer.com
Microsoft fixes Exchange Online bug flagging Gmail emails as spam - In a final update to the incident report added on May 1 at 16:31 UTC, Microsoft said it successfully reverted the buggy ML model to the previous working version, mitigating the false positive issue. It also added that admins and users may have ...
6 days ago Bleepingcomputer.com

Cyber Trends (last 7 days)