ANY.RUN researchers uncovered a phishing-to-RMM campaign in which attackers use fake Microsoft, Adobe, and OneDrive pages to deliver legitimate remote management tools such as ScreenConnect and LogMeIn Rescue.  Detection is difficult because the payload and infrastructure can look legitimate in isolation. Analysts need to connect the full chain, from phishing lure to RMM execution and outbound connections, […]
The post New Phishing-to-RMM Attacks: How Analysts Can Detect Trusted-Tool Abuse Early  appeared first on Cyber Security News.