#WindowsSmartScreen

2026-02-12

ScreenConnect Attack: SmartScreen Bypass and RMM Abuse

An attack campaign targeting organizations in the US, Canada, UK, and Northern Ireland exploits ConnectWise ScreenConnect vulnerabilities. The attack chain begins with a spoofed email containing a malicious .cmd attachment, which executes silently, escalates privileges, disables Windows SmartScreen, and removes the Mark-of-the-Web. It then installs a legitimate Remote Monitoring and Management tool, ScreenConnect, which is abused as a Remote Access Trojan for persistent command-and-control access. The campaign focuses on sectors with high-value data, including government, healthcare, and logistics. The attackers use various techniques to evade detection, including UAC bypass, registry modification, and silent MSI installation. The ScreenConnect client used has a revoked certificate, highlighting the importance of blocking vulnerable software versions and enforcing strict RMM allowlists.

Pulse ID: 698dadc62e15016f807eaccc
Pulse Link: otx.alienvault.com/pulse/698da
Pulse Author: AlienVault
Created: 2026-02-12 10:39:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Canada #ConnectWise #CyberSecurity #Email #Government #Healthcare #ICS #InfoSec #Ireland #MarkoftheWeb #OTX #OpenThreatExchange #RemoteAccessTrojan #ScreenConnect #Trojan #UK #Windows #WindowsSmartScreen #bot #AlienVault

2024-02-13

Fat Patch Tuesday, February 2024 Edition - Microsoft Corp. today pushed software updates to plug more than 70 security holes ... krebsonsecurity.com/2024/02/fa #patchtuesdayfebruary2024 #windowssmartscreen #microsoftoffice #latestwarnings #cve-2024-21351 #cve-2024-21410 #cve-2024-21412 #cve-2024-21413 #securitytools #immersivelabs #satnamnarang #timetopatch #adambarnett #kevinbreen #trendmicro #tenable #rapid7
