Detection of Recent RMM Distribution Cases Using AhnLab EDR
ID: 2251a844-029b-5429-a525-e397db066898
STIX ID: report--2251a844-029b-5429-a525-e397db066898
Feed Name: ASEC
ASEC observed an increase in attacks that leverage legitimate RMM tools for initial distribution and post-compromise lateral control. Users are lured via malicious download pages and phishing PDFs into installing RMM software (LogMeIn, PDQ Connect, Syncro, ScreenConnect, NinjaOne, SuperOps), which attackers then abuse to execute PowerShell commands and deploy backdoors such as PatoRAT. The report lists behavior-based detections in AhnLab EDR, shows signed samples and associated groups (e.g., MuddyWater, ALPHV/BlackCat, Hive), and recommends verifying download sources, checking certificates and version info, exercising caution with email links and attachments, and keeping the OS and security products updated.
