Detects when the ScreenConnect client (ConnectWise Control) connects to a newly observed host server that is not the official ScreenConnect cloud. ScreenConnect is a common RMM/remote access tool ...
This project is a hands-on network traffic analysis of a real-world malware PCAP exercise. Acting as a SOC Analyst, I analyzed captured network traffic to identify, document, and map a NetSupport ...
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October ...
A widening cyber campaign using legitimate remote-access software to infiltrate government targets has been identified by cybersecurity researchers. The operation, discovered by Group-IB and UKUK and ...
Threat actors have been observed using the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus ...
Once the guardian angels of IT systems, remote monitoring and management (RMM) tools have become the Trojan horses of choice for savvy attackers. Attackers are increasingly abusing legitimate network ...
Cybercriminals who have been using the Black Basta ransomware have been observed abusing the remote management tool Quick Assist in vishing (voice phishing) attacks, Microsoft reports. Active since ...
A malicious email campaign is targeting hundreds of Microsoft Office users in US-based organizations to deliver a remote access trojan (RAT) that evades detection, partially by showing up as ...