Attackers are increasingly abusing ConnectWise ScreenConnect to deploy multiple remote access trojans (RATs) against U.S. organizations. Tactics are evolving to be more stealthy, shifting from scheduled tasks to encoded loaders and utilizing preconfigured VMs for rapid deployment. This campaign demonstrates high attacker adaptability and a focus on privileged access.
Latest mentioned: 09-11
Earliest mentioned: 09-05