{"id":6347,"date":"2025-04-02T13:36:44","date_gmt":"2025-04-02T17:36:44","guid":{"rendered":"https:\/\/solutionsreview.com\/endpoint-security\/?p=6347"},"modified":"2025-04-04T13:41:11","modified_gmt":"2025-04-04T17:41:11","slug":"how-threat-actors-leverage-remote-monitoring-and-management-software","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/","title":{"rendered":"How Threat Actors Leverage Remote Monitoring and Management Software"},"content":{"rendered":"<div class=\"detail-layout-description mighty-wysiwyg-content mighty-max-content-width fr-view\">\n<p dir=\"ltr\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium_large wp-image-6349\" src=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software-768x384.jpg\" alt=\"How Threat Actors Leverage Remote Monitoring and Management Software\" width=\"768\" height=\"384\" srcset=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software-768x384.jpg 768w, https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software-300x150.jpg 300w, https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg 800w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\"><em><strong><span class=\"ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak\" dir=\"ltr\">Jeremy Kirk, the Executive Editor for Cyber Threat Intelligence at <a href=\"https:\/\/intel471.com\/\" target=\"_blank\" rel=\"noopener\">Intel 471<\/a>, explains how threat actors can leverage remote monitoring and management (RMM) software solutions. <\/span><\/strong><\/em><em><strong><span class=\"ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak\" dir=\"ltr\">This article originally appeared in <a class=\"external\" href=\"https:\/\/insightjam.com\/share\/W9PNIZN-ugApeSN3?utm_source=manual\" target=\"_blank\" rel=\"noopener nofollow\">Insight Jam<\/a>, an enterprise IT community that enables human conversation on AI.<\/span><\/strong><\/em><\/p>\n<p id=\"isPasted\" dir=\"ltr\" style=\"text-align: justify;\"><a href=\"https:\/\/insightjam.com\/share\/W9PNIZN-ugApeSN3?utm_source=manual\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-6313 alignleft\" src=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/03\/Insight-Jam-Logo-2025-Square.png\" alt=\"\" width=\"100\" height=\"100\" srcset=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/03\/Insight-Jam-Logo-2025-Square.png 100w, https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/03\/Insight-Jam-Logo-2025-Square-60x60.png 60w\" sizes=\"(max-width: 100px) 100vw, 100px\" \/><\/a>Remote monitoring and management (RMM) applications, such as AnyDesk, Atera Agent, ScreenConnect, and TeamViewer, are powerful and useful tools for administrators who do not have on-site, physical access to machines. Organizations frequently rely on RMM software for essential information technology (IT) tasks, such as system updates, asset management, software deployment, endpoint troubleshooting, and maintenance scheduling.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">Unsurprisingly, threat actors find these RMM tools useful as well and are increasingly leveraging them to gain access to networks, install malware, disable security features, and escalate privileges. Detecting malicious actions using RMM tools, unfortunately, is difficult because they are so widely used and deeply integrated into IT workflows. RMM is legitimate software, so these applications are unlikely to be flagged as malware. Abusing RMM tools offers a distinct advantage over remote access tools (RATs), which are custom-designed malware tools that need to employ other techniques, such as valid signing certificates, to avoid being flagged by security software.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">RMM software abuse is not a new technique, but it registered at a persistent level throughout 2024, and we anticipate this trend to continue in 2025.<\/p>\n<h3 dir=\"ltr\" style=\"text-align: justify;\"><strong>How RMM Tools Are Exploited<\/strong><\/h3>\n<p dir=\"ltr\" style=\"text-align: justify;\">Threat actors frequently can gain access to RMM software by initially compromising RMM user credentials through social-engineering tactics or by exploiting vulnerabilities in outdated software. This allows attackers to use a preinstalled tool, thus potentially attracting less attention when misusing it. In some cases, attackers will take proactive steps to preserve their illicit access to an RMM tool. This can include creating additional accounts for RMM software in case it is discovered that account credentials have been compromised and are reset.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">Attackers also may social-engineer victims into installing RMM software under misleading pretenses. This scheme has often manifested as a bogus request from an organization\u2019s IT department to solve a problem. An employee who wants to take the right action may comply, installing the software and then allowing access to the attackers. Attackers can then use RMM software to map the network and identify valuable assets. They typically move laterally using credentials harvested from compromised systems to exfiltrate sensitive data, deploy ransomware, or launch further attacks against downstream clients.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">To ensure long-term access or facilitate additional malicious activities, threat actors often install additional RATs to maintain persistent access. These tools can serve as backups for remote desktop sessions or establish reverse connections to adversary-controlled servers, leading to widespread operational disruptions, significant financial losses, and potential supply chain vulnerabilities.<\/p>\n<h3 dir=\"ltr\" style=\"text-align: justify;\"><strong>Ransomware Group in Focus: Black Basta<\/strong><\/h3>\n<p dir=\"ltr\" style=\"text-align: justify;\">The Black Basta ransomware group emerged in mid-April 2022 and evolved into the third most impactful ransomware group that year. Its members are experienced Russian-speaking ransomware and cyber-crime veterans, some of whom worked with the infamous Conti ransomware-as-a-service (RaaS) group. In February 2025, a leaker released about 197,000 messages from different Matrix chatrooms the Black Basta group used. The leak provided deep insight into the group\u2019s tactics, techniques, and procedures (TTPs), including how it gained initial access to victims and networks using RMM software.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">The group ran a sophisticated operation, researching organizations it thought might pay a ransom and compiling lists in Google Sheets of individual employees it planned to target. In one scenario, an employee would be targeted in a spam attack that would fill the person\u2019s inbox. Then, someone from Black Basta would call the person and\u2014reading from a pre-drafted script\u2014impersonate an IT support member from the victim\u2019s organization. The attacker would offer to install antispam software on the user\u2019s machine, but in order to do that, the victim needed to install remote access software such as AnyDesk, Quick Assist, or TeamViewer.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">After the victim installed the software, Black Basta would contact one of its malicious penetration testers, who would then try to install additional malware to enable persistent access. The pentester would provide a code the victim was supposed to enter on the computer, allowing the pentester to establish another foothold. The leaked chat messages did not reveal what malware was used to obtain persistent access.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">However, one member claimed to run a batch (.bat) file that prompted the employee to enter credentials for the corporate virtual private network (VPN) portal. These credentials would then allow Black Basta\u2019s actors to access the domain network, advancing the data exfiltration and ransomware attack by one more step.<\/p>\n<h3 dir=\"ltr\" style=\"text-align: justify;\"><strong>Defensive Mitigations<\/strong><\/h3>\n<p dir=\"ltr\" style=\"text-align: justify;\">To mitigate the escalating risks associated with RMM tools, a comprehensive defense strategy is critical. Detection efforts should include deploying endpoint detection and response (EDR) platforms, conducting network traffic analysis, and utilizing behavior-based intrusion detection systems (IDSs) that are tuned specifically to recognize RMM-related activities. It is also vital to enforce stringent application listing, which would prohibit users from installing RMM software as a result of falling prey to a social engineering campaign.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">Only vetted, preapproved RMM software that has tight access controls should be used across the organization to minimize the attack surface. Lastly, security teams are advised to undertake threat-hunting exercises routinely to detect early signs of misuse, such as anomalous network connections or other suspicious activities that may suggest unauthorized access.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">For example, AnyDesk is a common and widely utilized tool for remotely controlling machines. However, many actors have also adopted it to remotely access victim machines and deploy malware or ransomware payloads. Threat actors may install AnyDesk but put its executable in an uncommon directory, such as the ProgramData and System32 temporary directories, in an attempt to hide it.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">Additionally, to appear more legitimate, some attackers may utilize installation paths that include legitimate-sounding names, such as &#8220;Microsoft Management&#8221; or &#8220;Customer Service.\u201d These types of behaviors, drawn from threat intelligence based on real attacks, can be used in threat hunts that search security information and event management (SIEM) or other logging systems that may have recorded the malicious activity, allowing an organization to undertake incident response to remove the threat.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">By integrating these measures\u2014enhanced detection capabilities, strict access management, and proactive threat hunting\u2014organizations can more effectively stay ahead of adversaries who seek to exploit RMM tools.<\/p>\n<hr \/>\n<p dir=\"ltr\" style=\"text-align: justify;\">\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Jeremy Kirk, the Executive Editor for Cyber Threat Intelligence at Intel 471, explains how threat actors can leverage remote monitoring and management (RMM) software solutions. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI. Remote monitoring and management (RMM) applications, such as AnyDesk, Atera Agent, ScreenConnect, and [&hellip;]<\/p>\n","protected":false},"author":1273,"featured_media":6349,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[2],"tags":[1953,1787,2285,2284,2283],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Threat Actors Leverage Remote Monitoring and Management Software<\/title>\n<meta name=\"description\" content=\"Jeremy Kirk from Intel 471 explains how threat actors can leverage remote monitoring and management (RMM) software solutions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Threat Actors Leverage Remote Monitoring and Management Software\" \/>\n<meta property=\"og:description\" content=\"Jeremy Kirk from Intel 471 explains how threat actors can leverage remote monitoring and management (RMM) software solutions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/\" \/>\n<meta property=\"og:site_name\" content=\"Endpoint Security &amp; Protection Platforms | Solutions Review\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/solutionsreview\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-02T17:36:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-04T17:41:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeremy Kirk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@InfoSec_Review\" \/>\n<meta name=\"twitter:site\" content=\"@InfoSec_Review\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeremy Kirk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/\"},\"author\":{\"name\":\"Jeremy Kirk\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/723aafd525479626d97a88657559d23a\"},\"headline\":\"How Threat Actors Leverage Remote Monitoring and Management Software\",\"datePublished\":\"2025-04-02T17:36:44+00:00\",\"dateModified\":\"2025-04-04T17:41:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/\"},\"wordCount\":1042,\"publisher\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#organization\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg\",\"keywords\":[\"Contributed Content\",\"Intel 471\",\"Jeremy Kirk\",\"Remote Monitoring and Management (RMM)\",\"Threat Actors\"],\"articleSection\":[\"Best Practices\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/\",\"name\":\"How Threat Actors Leverage Remote Monitoring and Management Software\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg\",\"datePublished\":\"2025-04-02T17:36:44+00:00\",\"dateModified\":\"2025-04-04T17:41:11+00:00\",\"description\":\"Jeremy Kirk from Intel 471 explains how threat actors can leverage remote monitoring and management (RMM) software solutions.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg\",\"width\":800,\"height\":400,\"caption\":\"How Threat Actors Leverage Remote Monitoring and Management Software\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/endpoint-security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Threat Actors Leverage Remote Monitoring and Management Software\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#website\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/\",\"name\":\"Endpoint Security &amp; Protection Platforms | Solutions Review\",\"description\":\"Evaluating Enterprise EPP Software, Next-Gen Antivirus &amp; EDR Solutions.\",\"publisher\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/endpoint-security\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#organization\",\"name\":\"Solutions Review\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2016\/05\/SR_Icon.png\",\"contentUrl\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2016\/05\/SR_Icon.png\",\"width\":200,\"height\":200,\"caption\":\"Solutions Review\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/solutionsreview\",\"https:\/\/x.com\/InfoSec_Review\",\"https:\/\/www.linkedin.com\/company\/cyber-security-solutions-review\",\"https:\/\/www.youtube.com\/user\/SolutionsReview\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/723aafd525479626d97a88657559d23a\",\"name\":\"Jeremy Kirk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/Jeremy-Kirk.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/Jeremy-Kirk.jpg\",\"caption\":\"Jeremy Kirk\"},\"description\":\"Jeremy Kirk is Executive Editor for Cyber Threat Intelligence at Intel 471, an intelligence firm helping organizations defend against emerging cyber threats. Previously, he was a cybersecurity journalist covering data breaches, malware, ransomware, and the cybercriminal underground.\",\"sameAs\":[\"https:\/\/intel471.com\/\",\"https:\/\/www.linkedin.com\/in\/jeremykirk\/\"],\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/author\/jkirk\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Threat Actors Leverage Remote Monitoring and Management Software","description":"Jeremy Kirk from Intel 471 explains how threat actors can leverage remote monitoring and management (RMM) software solutions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/","og_locale":"en_US","og_type":"article","og_title":"How Threat Actors Leverage Remote Monitoring and Management Software","og_description":"Jeremy Kirk from Intel 471 explains how threat actors can leverage remote monitoring and management (RMM) software solutions.","og_url":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/","og_site_name":"Endpoint Security &amp; Protection Platforms | Solutions Review","article_publisher":"https:\/\/www.facebook.com\/solutionsreview","article_published_time":"2025-04-02T17:36:44+00:00","article_modified_time":"2025-04-04T17:41:11+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg","type":"image\/jpeg"}],"author":"Jeremy Kirk","twitter_card":"summary_large_image","twitter_creator":"@InfoSec_Review","twitter_site":"@InfoSec_Review","twitter_misc":{"Written by":"Jeremy Kirk","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#article","isPartOf":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/"},"author":{"name":"Jeremy Kirk","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/723aafd525479626d97a88657559d23a"},"headline":"How Threat Actors Leverage Remote Monitoring and Management Software","datePublished":"2025-04-02T17:36:44+00:00","dateModified":"2025-04-04T17:41:11+00:00","mainEntityOfPage":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/"},"wordCount":1042,"publisher":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/#organization"},"image":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg","keywords":["Contributed Content","Intel 471","Jeremy Kirk","Remote Monitoring and Management (RMM)","Threat Actors"],"articleSection":["Best Practices"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/","url":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/","name":"How Threat Actors Leverage Remote Monitoring and Management Software","isPartOf":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg","datePublished":"2025-04-02T17:36:44+00:00","dateModified":"2025-04-04T17:41:11+00:00","description":"Jeremy Kirk from Intel 471 explains how threat actors can leverage remote monitoring and management (RMM) software solutions.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#primaryimage","url":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg","contentUrl":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/How-Threat-Actors-Leverage-Remote-Monitoring-and-Management-Software.jpg","width":800,"height":400,"caption":"How Threat Actors Leverage Remote Monitoring and Management Software"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/endpoint-security\/how-threat-actors-leverage-remote-monitoring-and-management-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/endpoint-security\/"},{"@type":"ListItem","position":2,"name":"How Threat Actors Leverage Remote Monitoring and Management Software"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#website","url":"https:\/\/solutionsreview.com\/endpoint-security\/","name":"Endpoint Security &amp; Protection Platforms | Solutions Review","description":"Evaluating Enterprise EPP Software, Next-Gen Antivirus &amp; EDR Solutions.","publisher":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/endpoint-security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#organization","name":"Solutions Review","url":"https:\/\/solutionsreview.com\/endpoint-security\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/logo\/image\/","url":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2016\/05\/SR_Icon.png","contentUrl":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2016\/05\/SR_Icon.png","width":200,"height":200,"caption":"Solutions Review"},"image":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/solutionsreview","https:\/\/x.com\/InfoSec_Review","https:\/\/www.linkedin.com\/company\/cyber-security-solutions-review","https:\/\/www.youtube.com\/user\/SolutionsReview"]},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/723aafd525479626d97a88657559d23a","name":"Jeremy Kirk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/image\/","url":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/Jeremy-Kirk.jpg","contentUrl":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2025\/04\/Jeremy-Kirk.jpg","caption":"Jeremy Kirk"},"description":"Jeremy Kirk is Executive Editor for Cyber Threat Intelligence at Intel 471, an intelligence firm helping organizations defend against emerging cyber threats. Previously, he was a cybersecurity journalist covering data breaches, malware, ransomware, and the cybercriminal underground.","sameAs":["https:\/\/intel471.com\/","https:\/\/www.linkedin.com\/in\/jeremykirk\/"],"url":"https:\/\/solutionsreview.com\/endpoint-security\/author\/jkirk\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/posts\/6347"}],"collection":[{"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/users\/1273"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/comments?post=6347"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/posts\/6347\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/media\/6349"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/media?parent=6347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/categories?post=6347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/tags?post=6347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}