Tip
An RMM (Remote Monitoring and Management) tool is a type of software used by IT professionals and managed service providers (MSPs) to remotely monitor, manage, and maintain IT systems, networks, and devices. These tools are designed to improve the efficiency of IT operations by enabling technicians to handle tasks from a centralized location without the need for physical access to client devices.
Important
By operating through legitimate RMM channels, attackers can evade detection by blending in with regular IT activities and potentially bypass security measures due to the elevated privileges these tools provide.
| Tool Name | Threat Group Usage |
|---|---|
| Action1 | LockBit, MONTI |
| AnyDesk | BlackSuit, Royal, Akira, BlackCat, Karakurt, LockBit, Rhysida, AvosLocker, Conti, Dagon Locker, Nokoyawa, Quantum, Diavol, Trigona, BlackByte, Cactus, Lapsus$, Black Basta, MONTI, DarkSide, RagnarLocker, RansomHub, Everest, *Br0k3r, Storm-0501, Medusa, BianLian, Fog, Interlock, Beast, Yurei |
| AmmyyAdmin | BianLian |
| Atera | BlackSuit, Royal, AvosLocker, BianLian, Conti, Hive, Quantum, RansomHub, Black Basta, Everest, BlackCat, Medusa, RansomHub |
| ASG Remote Desktop | Scattered Spider* |
| BeAnywhere | Scattered Spider* |
| Chrome Remote Desktop | Scattered Spider* |
| Domotz | Scattered Spider* |
| DWAgent | Scattered Spider* |
| eHorus | DarkBit+, Medusa |
| FixMeIt | LockBit |
| Fleetdeck | Scattered Spider* |
| GoToAssist | DarkSide |
| HCL BigFix | Medusa |
| ITarian | Scattered Spider* |
| Level.io | Scattered Spider*, Storm-0501 |
| LogMeIn | BlackSuit, Royal, Trigona, Yanluowang |
| ManageEngineRMM | Scattered Spider* |
| MeshAgent | *Br0k3r, Akira |
| MobaXterm | BlackSuit, Royal, Akira, Scattered Spider* |
| N-Able | Scattered Spider*, RansomHub, Medusa |
| NetSupport | Cuba, EvilCorp*, Black Basta, Qilin |
| NinjaOne | Storm-0501 |
| Parsec | Scattered Spider* |
| PDQ Deploy | AvosLocker, Medusa |
| PowerAdmin | Vice Society |
| Pulseway | Scattered Spider* |
| Radmin | Akira, Warlock |
| Remote Desktop Plus (RDP+) | Medusa Locker |
| Remote Manipulator System (RMS) | RagnarLocker |
| RemotePC | Scattered Spider* |
| RemoteUtilities | RagnarLocker |
| RPort | Scattered Spider*, DarkBit+ |
| RSAT | Quantum, Scattered Spider* |
| RustDesk | Akira, Scattered Spider* |
| ScreenConnect | Black Basta, BlackCat, LockBit, Scattered Spider*, Hive, Trigona, Medusa, Yanluowang, RansomHub, Medusa, Qilin, BianLian, Interlock |
| SimpleHelp | BlackCat, Medusa |
| Sorillus | Scattered Spider* |
| Splashtop | Black Basta, LockBit, AvosLocker, BianLian, Scattered Spider*, Hive, Quantum, Conti, Trigona, RansomHub, Cactus, Everest, Medusa |
| SuperOps | Cactus |
| Supremo | Black Basta |
| Syncro | Royal |
| TacticalRMM | AvosLocker, Scattered Spider* |
| TeamViewer | LockBit, BianLian, Scattered Spider*, Trigona, Yanluowang, Helldown, Akira |
| TightVNC | Scattered Spider*, DarkSide, RansomHub |
| TrendMicro Basecamp | Scattered Spider* |
| Xeox | Scattered Spider* |
| ZeroTier | Scattered Spider* |
| ZohoAssist | LockBit, Scattered Spider* |