SiliconANGLE reports that over 900 organizations across various sectors, most of which are in the U.S., have been subjected to attacks spreading a trojanized version of the ConnectWise ScreenConnect remote monitoring and management tool as part of an ongoing campaign.Threat actors have leveraged malicious emails purporting to be Microsoft Teams and Zoom invitations with links redirecting to phishing pages that install the illicit ScreenConnect tool, facilitating admin-level access, lateral network movement, credential theft, and further phishing compromise, according to a report from Abnormal AI. Intrusions also involved the utilization of Cloudflare Workers hosting, open redirect exploits, and SendGrid domain wrapping to conceal nefarious links from sophisticated detection systems. Further analysis showed the growing prevalence of pre-packaged "ScreenConnect Revolution" kits that circumvent Windows Defender and feature covert virtual network computing features across the dark web. "This campaign serves as a critical reminder that modern threats increasingly weaponize trusted systems rather than circumvent them," said the report.
Threat Intelligence, Phishing
Trojanized ScreenConnect deployed in widespread attack

Credit: Adobe Stock Images
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



