Yet another legitimate enterprise software platform is being exploited by various cybercriminals to deploy malware and ransomware to unsuspecting victims. A cybersecurity researcher at The DFIR Report observed multiple attackers using his Action1 RMM. Action1 RMM is an otherwise secure remote desktop monitoring and management solution.
Like other remote management tools, Action1 is used by Managed Service Providers (MSPs) and other IT teams to manage endpoints. (opens in new tab) Over the network from a remote location. You can use it to handle software patches, software installations, troubleshooting, etc.
