Tip
- An RMM (Remote Monitoring and Management) tool is a type of software used by IT professionals and managed service providers (MSPs) to remotely monitor, manage, and maintain IT systems, networks, and devices.
- These tools are designed to improve the efficiency of IT operations by enabling technicians to handle tasks from a centralized location without the need for physical access to client devices.
Important
By operating through legitimate RMM channels, attackers can evade detection by blending in with regular IT activities and potentially bypass security measures due to the elevated privileges these tools provide.
| Tool Name | Threat Group Usage |
|---|---|
| InnoSetup | UAC-0020 |
| IntelliAdmin | Turla |
| RemCom | Sandworm |
| Remote Manipulator System (RMS) | Gamaredon |
| RemoteUtilities | UAC-0050 |
| SyncThing | UAC-0020 |
| TeamViewer | BERSERK BEAR |
| UltraVNC | Gamaredon |