Threat Actors Leverage RMM Tools to Expand Attack Surfaces

Remote Monitoring and Management (RMM) tools are increasingly exploited by cyber threat actors to infiltrate corporate networks and expand their attack surfaces. These tools, designed for IT administrators to remotely manage endpoints, provide attackers with a stealthy and efficient way to maintain persistence and execute malicious activities. The article details how adversaries leverage legitimate RMM software to bypass traditional security controls, evade detection, and conduct prolonged espionage or ransomware campaigns. It highlights notable incidents where threat groups have abused RMM platforms to deploy malware, steal sensitive data, and disrupt operations. The piece also discusses mitigation strategies, including strict access controls, continuous monitoring, and the importance of vetting third-party vendors who use RMM tools. Organizations are urged to enhance their cybersecurity posture by integrating RMM-specific threat detection and response capabilities into their security frameworks. This comprehensive analysis underscores the evolving tactics of cybercriminals and the critical need for proactive defense mechanisms against RMM-based intrusions.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 04 Nov 2025 11:35:38 +0000


Cyber News related to Threat Actors Leverage RMM Tools to Expand Attack Surfaces

The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
2 years ago Csoonline.com
20 Best Remote Monitoring Tools - 2025 - What is Good? | What Could Be Better?: Strong abilities to keep an eye on devices and systems. | Some parts may take time to figure out. It gives you tools for remote control and troubleshooting. | There could be more ways to change things. Lets you automate ...
7 months ago Cybersecuritynews.com
Threat Actors Leverage Several RMM Tools to Expand Attack Surface - Threat actors are increasingly exploiting Remote Monitoring and Management (RMM) tools to broaden their attack surface and enhance their cyberattack capabilities. These tools, originally designed for IT administrators to manage and monitor endpoints ...
1 month ago Cybersecuritynews.com
Threat Actors Leverage RMM Tools to Expand Attack Surfaces - Remote Monitoring and Management (RMM) tools are increasingly exploited by cyber threat actors to infiltrate corporate networks and expand their attack surfaces. These tools, designed for IT administrators to remotely manage endpoints, provide ...
1 week ago Cybersecuritynews.com CVE-2023-27350 CVE-2023-27351 Lazarus Group FIN7
CVE-2023-53649 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago
New Spam Campaign Abuses Remote Monitoring Tools to Attack Organizations - A sophisticated spam campaign targeting Brazilian organizations has emerged, exploiting legitimate Remote Monitoring and Management (RMM) tools to gain unauthorized access to corporate networks. The campaign primarily targets Brazil now, but security ...
6 months ago Cybersecuritynews.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: Pros | Cons: Strong threat intelligence & expert SOCs. | High pricing for SMBs. 24/7 monitoring & rapid incident response. | Complex UI and steep learning curve. Flexible, scalable, hybrid deployments. | Limited visibility into endpoint ...
4 months ago Cybersecuritynews.com
Threat Actors Embed Malicious RMM Tools to Gain Silent Initial Access to Organizations - WithSecure analysts identified this campaign through pattern analysis of PDF metadata and delivery mechanisms, noting the consistent use of embedded direct download links pointing to legitimate RMM vendor platforms. A sophisticated cyber campaign ...
3 months ago Cybersecuritynews.com
Hackers Leveraging RMM Tools To Maintain Persistence To Infiltrate And Move Through Networks - Cybersecurity experts have identified a persistent trend of threat actors exploiting legitimate remote monitoring and management (RMM) software to infiltrate networks, maintain access, and facilitate lateral movement. These legitimate tools, which ...
7 months ago Cybersecuritynews.com
Cybercriminals Utilizing Official Remote Surveillance for Viruses - A warning has been issued by the Cybersecurity and Infrastructure Security Agency, National Security Agency, and Multi-State Information Sharing and Analysis Center to alert network defenders about the malicious use of legitimate remote monitoring ...
2 years ago Cybersecuritynews.com
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
1 year ago Techrepublic.com
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 APT28
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
1 year ago Techrepublic.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com CVE-2023-42793 APT29
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
Hackers use RMM tools to breach freighters and steal cargo shipments - Cybercriminals have increasingly exploited Remote Monitoring and Management (RMM) tools to infiltrate freighters and steal valuable cargo shipments. This emerging threat highlights the vulnerabilities in maritime logistics and the critical need for ...
1 week ago Bleepingcomputer.com
Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors - PDQ Connect is a cloud-based system management tool that allows IT teams to deploy software, run scripts, and manage endpoints remotely, without needing domain access. ScreenConnect (now branded as ConnectWise Control) is a legitimate remote support ...
4 months ago Cybersecuritynews.com
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
1 year ago Cyberdefensemagazine.com Hunters
20 Best Endpoint Management Tools - 2025 - What is Good? | What Could Be Better?: Comprehensive endpoint security against many threats. | The user interface may overwhelm some users. Machine learning for real-time threat detection. | Integration with existing systems may be complex. A central management ...
7 months ago Cybersecuritynews.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com
Phishing Campaigns Exploit RMM Tools to Target Businesses - Phishing campaigns are increasingly exploiting Remote Monitoring and Management (RMM) tools to infiltrate business networks. Cybercriminals leverage these legitimate IT management platforms to bypass traditional security measures, making their ...
1 month ago Infosecurity-magazine.com
Kickidler employee monitoring software abused in ransomware attacks - As CISA, the NSA, and MS-ISAC warned in a January 2023 joint advisory, attackers part of many ransomware operations are tricking victims into installing portable remote desktop solutions to bypass software controls and take over their systems without ...
6 months ago Bleepingcomputer.com Hunters Akira Qilin
Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
1 year ago Cyberdefensemagazine.com
