Summary: A recent report by Silent Push indicates that cybercriminals continue to exploit the legitimate remote monitoring tool ScreenConnect to establish persistent access during cyberattacks. The report reveals that a malicious file, disguised as a Social Security Administration eStatement, is being distributed to trick users into installing a compromised ScreenConnect client. This campaign has been bolstered by the use of Bulletproof Hosting providers, which shield cybercriminal operations from law enforcement scrutiny.

Affected: Organizations using ScreenConnect

Keypoints :

• Threat actors exploit ScreenConnect for unauthorized access and persistence in attacks.
• A malicious file disguised as an official eStatement is being used to deceive victims.
• Bulletproof Hosting providers facilitate these attacks by providing a safe haven for cybercriminal activities.