JAKARTA - Cybersecurity and Infrastructure Security Agency (CISA) identified a wide-spread cyber campaign, which relies heavily on remote monitoring and management software (RMM).

According to CISA, the attacker sent victims of malicious links leading to the download of ScreenConnect and AnyDesk software. Cybercriminals then used the software in fraudulent refunds to steal money from the victim's bank account.

While the attackers appear to be financially motivated, CISA is worried that threat actors can sell victim data to state-sponsored attackers or other cybercriminals.

They were found targeting several federal civil executive branch institutions in the United States, known as FCEB, a list that includes Homeland Security, the Treasury and the Department of Justice.

CISA said it first identified suspected malicious activity in two FCEB systems in October last year while conducting a retrospective analysis using Einstein, an intrusion detection system operated by the government and used to protect the network of federal civilian agents.

Further analysis leads to the conclusion that many other government networks are also affected. The unnamed striker behind the campaign began sending help desk-themed phishing emails to the federal employee government and personal email addresses in mid-June 2022.

These emails contain links to the first stage malicious site posing as a well-known company, including Microsoft and Amazon, or encouraging victims to call hackers, who then try to trick employees into visiting the malicious domain.

In that case and according to CISA, cybercriminals use remote access software to trick employees into accessing their bank accounts. Hackers use their remote access to change the list of recipient bank accounts.

CISA warned attackers could also use legitimate remote access software as a backdoor to maintain continuous access to government networks. This was quoted from TechCrunch, Friday, January 27.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)