Initial Access: What Threat Actors Are Prioritizing

**Executive summary:** Attackers are embedding legitimate, signed RMM installers inside PDF documents and using support-ticket channels to bypass email filters and gain stealthy initial access in targeted campaigns against finance, energy, and government organizations in France and Luxembourg; this enables remote control, defense disabling, and potential ransomware deployment, so organizations should restrict RMM installations, enforce application allowlisting, and monitor for PDFs spawning installers.