Threat actors are utilizing the ScreenConnect (now called ConnectWise Control) MSP remote management software to compromise a network, steal data, and install the Zeppelin Ransomware on compromised computers.
ConnectWise Control is a remote management software commonly used by MSPs and IT professionals in order to gain access to a remote computer to provide support.
To remotely manage an endpoint workstation, technicians will use the software to create agents that are then installed on the computers they wish to manage. Once the agent is up and running, the computer will appear in the ConnectWise Control Site management software as shown below, where it can then be taken over.
Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Soft Organizer Pro from Chemtable for Free - Uninstall applications