We are currently seeing a high-severity attack campaign targeting organizations through compromised email accounts. These attacks are designed to install remote control software on computers, allowing attackers to monitor activity, access files, and take full control of systems.

What’s happening

Attackers are using legitimate, compromised email accounts to:

• Bypass spam and security filters
• Send convincing, well-written messages
• Exploit the trust of known contacts

These emails often refer to a shared file or document. When a user clicks a link or downloads the file, it silently installs a legitimate remote management tool (such as ScreenConnect), giving the attacker access to the system.

While this technique is not new, recent campaigns have become significantly more sophisticated and effective, making them harder to detect and increasing the likelihood of user interaction.

What you should do

All users should exercise heightened caution, even with emails from trusted senders:

• Do not click links or download files from unexpected emails
• Treat all shared file notifications with skepticism
• If a request is unexpected, verify it through a separate communication channel (phone, direct message, etc.)
• Do not reply to the original email to confirm legitimacy, as the attacker may be monitoring or responding

 As always if you have any questions or concerns about this latest security disclosure, please feel free to reach out.