RTM – Remote Monitoring & Management (RMM) Tools

Topic: Ransomware Tool Matrix
Focus: Remote Monitoring & Management (RMM) Tools
An RMM (Remote Monitoring and Management) tool is a type of software used by IT professionals and managed service providers (MSPs) to remotely monitor, manage, and maintain IT systems, networks, and devices. These tools are designed to improve the efficiency of IT operations by enabling technicians to handle tasks from a centralized location without the need for physical access to client devices.
By operating through legitimate RMM channels, attackers can evade detection by blending in with regular IT activities and potentially bypass security measures due to the elevated privileges these tools provide.
Last Updated: 9/10/2024
Tool Name | Known Threat Actor Usage |
---|---|
Action1 | LockBit, MONTI |
AnyDesk | BlackSuit, Royal, Akira, BlackCat, Karakurt, LockBit, Rhysida, AvosLocker, Conti, Dagon Locker, Nokoyawa, Quantum, Diavol, Trigona, BlackByte, Cactus, Lapsus$, Black Basta, MONTI, DarkSide, RagnarLocker, RansomHub, Everest |
Atera | BlackSuit, Royal, AvosLocker, BianLian, Conti, Hive, Quantum, RansomHub, Black Basta, Everest |
ASG Remote Desktop | Scattered Spider |
GoToAssist | DarkSide, Royal |
ITarian | Scattered Spider |
LogMeIn | BlackSuit, Royal, Trigona |
ManageEngineRMM | Scattered Spider |
N-Able | Scattered Spider, RansomHub |
NetSupport | Cuba, EvilCorp, Black Basta |
PDQ Deploy | AvosLocker |
PowerAdmin | Vice Society |
Radmin | Akira |
RustDesk | Akira, Scattered Spider |
ScreenConnect | Black Basta, BlackCat, LockBit, Scattered Spider, Hive, Trigona, Medusa, Yanluowang, RansomHub |
SimpleHelp | BlackCat |
Sorillus | Scattered Spider |
Splashtop | Black Basta, LockBit, AvosLocker, BianLian, Scattered Spider, Hive, Quantum, Conti, Trigona, RansomHub, Cactus, Everest |
Syncro | Royal |
TacticalRMM | AvosLocker, Scattered Spider |
TeamViewer | LockBit, BianLian, Scattered Spider, Trigona, Yanluowang |
TightVNC | Scattered Spider, DarkSide |
ZohoAssist | LockBit, Scattered Spider |