Weaponizing Apathy: How Threat Actors Exploit Vulnerabilities and Legitimate Software

**Executive Summary:** This Cofense analysis (Dec 2021–Dec 2024) documents the widespread abuse of legitimate software and known CVEs to deliver Remote Access Tools and other malware, highlighting Microsoft Office CVE exploitation and declining but notable use of Office macros, and enumerating prominent abused RATs (NetSupport Manager, ConnectWise, FleetDeck, Atera) used by threat actors to achieve remote control, data access, and lateral movement; the report recommends improving visibility into legitimate software abuse and prioritizing timely patching.