Hackers are Employing This Top Remote Access Tool to Get Unauthorised Access to Your Company’s Networks

 

Cybercriminals are misusing another legitimate enterprise software platform to deliver malware and ransomware to unwitting victims. The DFIR Report’s cybersecurity analysts identified many threat actors using Action1 RMM, an otherwise benign remote desktop monitoring and management tool.

Action1, like any other remote management tool, is used by managed service providers (MSPs) and other IT teams to manage endpoints in a network from a remote location. It can be used to handle software patches, software installation, troubleshooting, and other related tasks.

According to a BleepingComputer study, fraudsters are targeting this software in particular because of the variety of functionality it provides in its free edition. The free plan allows up to 100 endpoints to be serviced, which is the only limitation of the free edition and could make it an appealing tool for thieves.

Several anonymous teams have been found employing Action1 in their ads, but one in particular sticks out: Monti. This gang was discovered last summer by BlackBerry Incident Response Team cybersecurity researchers, and it was later discovered that Monti shares many characteristics with the famed Conti syndicate.

Conti’s attacks were typically launched via AnyDesk or Atera rather than Action1. The attackers were also seen utilizing Zoho’s ManageEngine Desktop Central. In either instance, the attackers would employ remote monitoring and management tool

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents