Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

A phishing campaign named VENOMOUS#HELPER has impacted over 80 organizations by using legitimate Remote Monitoring and Management (RMM) tools like SimpleHelp and ScreenConnect to gain persistent remote access. The campaign begins with a phishing email impersonating the U.S. Social Security Administration, leading victims to download an executable that installs the RMM software, enabling attackers to control compromised hosts.