
U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software

Jan 26, 2023 | Ravie Lakshmanan | Cyber Threat / Phishing

At least two federal agencies in the U.S. fell victim to a “widespread cyber campaign” that used legitimate remote monitoring and management (RMM) software as part of a phishing-driven refund scam.

“Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software – ScreenConnect (now ConnectWise Control) and AnyDesk – which the actors used in a refund scam to steal money from victim bank accounts,” U.S. cybersecurity authorities said.

The joint advisory comes from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC).

The attacks, which took place in mid-June and mid-September 2022, were financially motivated, although the same unauthorized access could be weaponized for a wide range of activities, including selling it on to other hacking crews.

Criminal use of legitimate remote-access software has long been a concern because it offers an effective way to establish local user access on a host without elevating privileges or obtaining a foothold by other means. The portable, self-contained builds of these tools run without installation, and therefore without administrator rights, which also lets them slip past controls that only audit or block software installation.

In one instance, the threat actors sent a phishing email containing a phone number to an employee’s government email address, prompting the individual to visit a malicious domain. The emails, CISA said, are part of help desk-themed social engineering attacks that the threat actors have been conducting against federal employees since at least June 2022.

The subscription-themed emails either contain a link to a “first-stage” malicious domain or use a tactic known as callback phishing, enticing recipients to call an actor-controlled phone number, where the operator talks them into visiting the same domain.

Irrespective of the approach used, visiting the malicious domain triggers the download of a binary that then connects to a second-stage domain to retrieve the RMM software as portable executables, which run without being installed and are configured to connect back to the actors’ RMM server.
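The delivery chain above leaves two signals a defender can hunt for: an RMM client image running from a user-writable path (or spawned directly by a browser) rather than from an IT-managed install directory, and an RMM client connecting to a relay host that is not the organisation’s own tenant. The following script is an added example, not code from the article or from CISA; it runs those two checks over constructed Sysmon-style JSON events. The binary-name fragments, the approved install directories, the approved relay hostname and the sample events are all assumptions for illustration and should be replaced with your fleet’s real values.

```python
"""Flag portable RMM clients launched outside approved install paths, plus RMM
network connections to hosts that are not the organisation's own tenant.
Added example; the names and paths below are assumptions, not vendor facts."""
import json
import ntpath

# Product-name fragments matched case-insensitively against the image filename.
# Illustrative only: ship the exact binary names your fleet legitimately runs.
RMM_NAME_FRAGMENTS = {
    "anydesk": "AnyDesk",
    "screenconnect": "ScreenConnect",
    "connectwise": "ScreenConnect",
}

# Where an IT-installed RMM agent is expected to live (assumption for this example).
APPROVED_INSTALL_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Hostnames the approved RMM tenant may reach (placeholder value, not a real host).
APPROVED_RMM_HOSTS = {"control.example-corp.com"}

# Parent processes that indicate a user-initiated download rather than an IT deployment.
BROWSER_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}


def rmm_product(image_path: str):
    """Return the RMM product name if the image filename looks like an RMM client."""
    name = ntpath.basename(image_path).lower()
    for fragment, product in RMM_NAME_FRAGMENTS.items():
        if fragment in name:
            return product
    return None


def analyse_event(ev: dict):
    """Return a list of finding strings for one Sysmon-style event (empty if benign)."""
    findings = []
    image = ev.get("Image", "")
    product = rmm_product(image)
    if product is None:
        return findings
    if ev.get("EventID") == 1:  # process creation
        if not image.lower().startswith(APPROVED_INSTALL_DIRS):
            findings.append(f"{product} launched from non-install path: {image}")
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        if parent in BROWSER_PARENTS:
            findings.append(f"{product} spawned directly by browser {parent}")
    elif ev.get("EventID") == 3:  # network connection
        host = ev.get("DestinationHostname", "").lower()
        if host and host not in APPROVED_RMM_HOSTS:
            findings.append(f"{product} connected to unapproved host {host}")
    return findings


def scan_log(lines):
    """Parse JSON-lines events and return [(RecordId, finding), ...]."""
    results = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for finding in analyse_event(ev):
            results.append((ev.get("RecordId"), finding))
    return results


# Constructed sample events (not real telemetry): an IT-installed agent, a portable
# AnyDesk in Downloads started by a stage-one binary, a ScreenConnect client run
# straight from Edge, a portable client phoning an actor-controlled relay, and noise.
SAMPLE_LOG = r"""
{"RecordId": 1, "EventID": 1, "Image": "C:\\Program Files\\ScreenConnect Client (abc)\\ScreenConnect.ClientService.exe", "ParentImage": "C:\\Windows\\System32\\services.exe"}
{"RecordId": 2, "EventID": 1, "Image": "C:\\Users\\jdoe\\Downloads\\AnyDesk.exe", "ParentImage": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\invoice_helper.exe"}
{"RecordId": 3, "EventID": 1, "Image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\ScreenConnect.WindowsClient.exe", "ParentImage": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}
{"RecordId": 4, "EventID": 3, "Image": "C:\\Users\\jdoe\\Downloads\\AnyDesk.exe", "DestinationHostname": "relay.attacker-example.net"}
{"RecordId": 5, "EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
"""

if __name__ == "__main__":
    for record_id, finding in scan_log(SAMPLE_LOG.splitlines()):
        print(f"record {record_id}: {finding}")
```

The path allowlist only works if your RMM agents are deployed to a fixed install directory; in practice you would pair it with the binary’s signer and hash, and with a sweep for the same portable executables on disk, since a portable client can sit on a host without ever showing up in installation audits.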

The end goal is to use the RMM software to run a refund scam. The operators instruct the victim to log in to their bank account, then use the remote session to alter the bank account summary so that it appears the individual was mistakenly refunded an excess amount of money.

In the final step, the scam operators urge the victim to “refund” the supposed excess, effectively defrauding them of their own funds.

CISA tied the activity to a “large trojan operation” disclosed by cybersecurity firm Silent Push in October 2022. Similar telephone-oriented delivery methods have also been adopted by other actors, including Luna Moth (aka Silent Ransom).

“This campaign highlights the threat of malicious cyber activity associated with legitimate RMM software: after gaining access to the target network via phishing or other techniques, malicious cyber actors — from cybercriminals to nation-state sponsored APTs — are known to use legitimate RMM software as a backdoor for persistence and/or command and control (C2),” the agencies warned.
