US Federal agencies fall prey to Phishing Scam via Remote Management Software

The United States Cybersecurity and Infrastructure Security Agency (CISA), along with two other agencies, the National Security Agency (NSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a warning to federal agencies about a phishing scam carried out through Remote Monitoring and Management (RMM) software.

The advisory was issued after two government firms fell prey to the attack, and more is being investigated.

According to the alert, cyber crooks are sending emails that get employees of government agencies to download two legitimate RMM tools: ScreenConnect (ConnectWise Control) and AnyDesk. After an employee falls for the trick, the threat actors use the newly established remote connection to steal money from the victim’s bank accounts, turning it into a refund scam.

Investigations launched by law enforcement agencies revealed that the attacks took place between June and September last year and were financially motivated, and that the hackers did succeed in obtaining monetary gains via fraudulent access.

Concerningly, the hack could lead to further exploitation soon if the cyber criminals weaponize the access by selling details to other hacking groups.

Remote software use has become a concerning menace to IT teams, especially since the work-from-home (WFH) culture emerged during and after the Covid-19 lockdowns.

Under such circumstances, IT staff should become highly vigilant, as hackers have a splendid chance to launch help desk-themed, social engineering-driven cyber-attacks in which the victim is enticed to visit a malicious domain or call back a number to speak to an actor operating with felonious motives.

The actors then pretend that an excess amount was accidentally refunded to the victim's bank account and urge the victim to return the money.

Virginia-based cybersecurity platform ‘Silent Push’ was the first to detect this anomaly in October 2022, and based on the firm’s tip-off, CISA launched a detailed investigation that led it to a threat actor named Luna Moth in November 2022.

The NSA will make more details on this attack available in the last week of February this year.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
