Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

SITREP: An active phishing campaign, codenamed VENOMOUS#HELPER, has been identified targeting over 80 organizations, primarily in the U.S., utilizing legitimate Remote Monitoring and Management (RMM) tools like SimpleHelp and ScreenConnect. This campaign has been ongoing since at least April 2025. TACTICAL ASSESSMENT: The use of legitimate RMM tools for phishing indicates a sophisticated approach that may lead to prolonged access to compromised systems. This raises concerns about the potential for significant data breaches and operational disruptions within affected organizations. PROJECTED VECTORS: It is likely that the campaign will continue to evolve, potentially targeting additional organizations and employing more advanced techniques to evade detection.