Detection of Recent RMM Distribution Cases Using AhnLab EDR

AhnLab SEcurity intelligence Center (ASEC) has recently observed an increase in attack cases exploiting Remote Monitoring and Management (RMM) tools. Whereas attackers previously exploited remote control tools during the process of seizing control after initial penetration, they now increasingly leverage RMM tools even during the initial distribution phase across diverse

RMM Tools (Syncro, SuperOps, NinjaOne, etc.) Being Distributed Disguised as Video Files

AhnLab SEcurity intelligence Center (ASEC) recently discovered cases of attacks using RMM tools such as Syncro, SuperOps, NinjaOne, and ScreenConnect. Threat actors distributed a PDF file that prompted users to download and run the RMM tool from a disguised distribution page such as Google Drive. The certificate used to sign

ConnectWise ScreenConnect Security Update Advisory (CVE-2025-14265)

Overview: We have released a security update to address a vulnerability in ConnectWise ScreenConnect. Users of affected products are advised to update to the latest version. Affected Products: CVE-2025-14265: ConnectWise ScreenConnect version: 25.less than 8. Resolved Vulnerabilities: Integrity Unvalidated Code Download Vulnerability in

Infected Systems Controlled Through Remote Administration Tools – Detected by EDR (2)

Remote administration tools, also known as RAT, are software that provides the ability to manage and control terminals at remote locations. Recently, there has been an increase in cases where remote administration tools are installed instead of backdoor malware during the initial access or lateral movement phases to control the