"rmm tools : a gateway for bulk attacks | huntress msps frequently rely on remote monitoring and management ( rmm ) tools as a way to remotely manage and monitor their customers ’ it environments, including remotely troubleshooting issues. but for threat actors, msp rmms are an ea…"
T1219 Remote Access Tools
97%
"##m abuse made up 6. 5 % of the most common threat categories overall ). figure 4 : rmm abuse made up 6. 5 % of the most common threat categories in 2024 we see threat actors abusing rmms in different ways : - attackers hijack and use existing software that ' s already installed …"
T1219 Remote Access Tools
93%
"incidents could have led to further attacks, such as the threat actor performing data theft and / or deploying ransomware. however, huntress isolated the impacted endpoints before the attacks progressed any further, and advised the msp to shut down its rmm instance, rotate all cr…"
T1219 Remote Access Tools
89%
"preventing rmm abuse businesses can take several steps to defend against rmm abuse. msps should be particularly cognizant of their rmm tools, as well as legacy rmms installed within their customer environments, due to the impacts outlined above. here are some measures that can he…"
T1219 Remote Access Tools
80%
"to keep up with the latest vulnerability fixes want to learn more about threat actor tradecraft like rmm abuse? join our team each month for tradecraft tuesday, where we dissect hacker techniques, talk tech, and more. sign up today."
T1219 Remote Access Tools
77%
"##ared tunnels on all three customers with the same token ( as seen by the following command : c : \ windows \ system32 \ cloudflared. exe " tunnelrun – token [ redacted ] ). we have seen other incidents where threat actors installed cloudflared tunnels to set the stage for persi…"
T1219 Remote Access Tools
44%
"since the kaseya attack, but huntress continues to see threat actors compromise rmms in msp environments to hit multiple customers. huntress ’ security operations center ( soc ) analysts recently saw an incident in june, where a threat actor compromised an msp ’ s rmm instance, e…"
T1486 Data Encrypted for Impact
31%
"rmm tools : a gateway for bulk attacks | huntress msps frequently rely on remote monitoring and management ( rmm ) tools as a way to remotely manage and monitor their customers ’ it environments, including remotely troubleshooting issues. but for threat actors, msp rmms are an ea…"
Summary
Four years after the Kaseya supply chain attack, a recent incident shows how threat actors still successfully target MSPs’ downstream customers through RMM software.