Hackers Exploit Legitimate Tools to Gain Remote Access to Corporate Systems
A new campaign sees threat actors leveraging fake Microsoft Teams invites and a readily available “attack kit” to gain administrator-level control over corporate networks, impacting hundreds of organizations globally.
Researchers have uncovered a sophisticated attack method where hackers are bypassing traditional security measures by weaponizing trusted workplace tools, specifically ConnectWise ScreenConnect – a legitimate IT support application – to establish full remote access to victim systems. Rather than directly stealing credentials, attackers are tricking employees into granting them complete control.
The attacks begin with highly convincing phishing emails, often disguised as Microsoft Teams meeting invitations, designed to lure victims into downloading and installing ConnectWise ScreenConnect. Once installed, attackers gain administrator-level access, enabling them to launch account takeovers, conduct further phishing attacks within the network (lateral phishing), and steal sensitive data – all while masquerading as legitimate IT activity.
“Instead of breaking into systems, threat actors are now weaponizing trusted workplace tools to sidestep defenses,” according to a report by Abnormal, the cybersecurity firm tracking the campaign.
So far, approximately 900 companies have been targeted. The hardest-hit sectors include education and religious groups (14.4%), healthcare and pharmaceutical companies (9.7%), and financial services (9.4%). Victims are primarily located in the US, UK, Canada, and Australia.
A key element fueling this campaign is a dark web marketplace where “attack kits” for ScreenConnect are sold for a few thousand dollars. Compromised network access is also available for resale, ranging from $500 to $2,000. Some vendors even offer comprehensive packages, including training and support, for around $6,000, effectively operating a “RAT-as-a-Service” model.
To defend against these evolving threats, cybersecurity experts recommend a multi-layered approach including AI-powered email security, robust endpoint monitoring, implementation of zero-trust security principles, and comprehensive staff awareness training.
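The endpoint-monitoring recommendation above can be made concrete with a small detection rule: flag any start of a remote-support agent on a host where IT never deployed it, and raise the severity when the same user pulled a file down through a browser shortly beforehand, which is the phishing-delivered installer pattern the article describes. The script below is an added example and is not code from the article or from Abnormal; the telemetry lines, host names and allowlist are constructed for illustration, and the process name ScreenConnect.ClientService.exe is an assumption about the ScreenConnect client service executable rather than a fact the article states.

```python
"""Flag unexpected remote-support tool starts in endpoint telemetry.

Added example, not from the article. Log format, hosts, users and the
allowlist are constructed; the ScreenConnect process name is an assumption.
"""
from datetime import datetime, timedelta

# Remote-support agents that should only run where IT deployed them.
# Assumption: this is the executable name of the ScreenConnect client service.
RMM_PROCESSES = {
    "screenconnect.clientservice.exe": "ConnectWise ScreenConnect",
}

# Hosts on which IT legitimately runs ScreenConnect (constructed allowlist).
APPROVED_RMM_HOSTS = {"it-helpdesk-01"}

# How long after a browser download a process start still counts as "related".
DOWNLOAD_WINDOW = timedelta(minutes=15)

# Constructed telemetry: timestamp host user event detail
SAMPLE_LOG = """\
2024-05-02T09:01:12 wks-finance-07 alice download chrome.exe -> C:\\Users\\alice\\Downloads\\Teams_Meeting_Invite.exe
2024-05-02T09:03:40 wks-finance-07 alice process_start ScreenConnect.ClientService.exe
2024-05-02T09:10:05 it-helpdesk-01 svc-it process_start ScreenConnect.ClientService.exe
2024-05-02T11:22:19 wks-sales-03 bob process_start ScreenConnect.ClientService.exe
"""


def parse_line(line):
    """Split one telemetry line into its five fields; detail may contain spaces."""
    ts, host, user, event, detail = line.split(" ", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "event": event, "detail": detail}


def find_suspicious_rmm(log_text):
    """Return one finding per RMM agent start on a host that is not approved.

    Severity is 'high' when the same user on the same host downloaded a file
    through a browser within DOWNLOAD_WINDOW before the start, else 'medium'.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    downloads = [e for e in events if e["event"] == "download"]
    findings = []
    for e in events:
        if e["event"] != "process_start":
            continue
        tool = RMM_PROCESSES.get(e["detail"].lower())
        if tool is None or e["host"] in APPROVED_RMM_HOSTS:
            continue  # not a monitored agent, or an IT-managed host
        recent = [d for d in downloads
                  if d["user"] == e["user"] and d["host"] == e["host"]
                  and timedelta(0) <= e["ts"] - d["ts"] <= DOWNLOAD_WINDOW]
        findings.append({
            "host": e["host"],
            "user": e["user"],
            "tool": tool,
            "severity": "high" if recent else "medium",
            "download": recent[-1]["detail"] if recent else None,
        })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_rmm(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log, the rule ignores the helpdesk host, reports the sales workstation at medium severity, and reports the finance workstation at high severity with the preceding "Teams_Meeting_Invite.exe" download attached, which is the context an analyst needs to tie the agent install back to the phishing email.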