A recent report from Silent Push reveals that threat actors are still leveraging ScreenConnect, a legitimate remote monitoring and management (RMM) tool, to gain persistence in cyberattacks. This follows a previous report from Silent Push in 2022 and a subsequent advisory from CISA in 2023 highlighting the abuse of ScreenConnect.
The latest research uncovered a suspicious domain, “filessauploaderchecker[.]com”, distributing a malicious file disguised as a Social Security Administration eStatement. The file, named “Recently_S_S_A_eStatementsForum_Viewr66985110477892_Pdf[.]Client[.]exe”, is actually a ScreenConnect client configured to grant attackers control over the victim’s system.
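For defenders triaging download or process-creation logs, the following added example (not code from Silent Push or ConnectWise) flags executables whose names follow the pattern of the reported file: a document-type word in the name combined with a `.Client.exe` suffix. The word list, the two-signal rule and every sample path other than the reported filename are assumptions made for illustration.

```python
import re

# Document-type words a lure puts before the real extension (assumed list).
DOC_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx"}

# The filename reported on the page, kept defanged as published.
REPORTED = "Recently_S_S_A_eStatementsForum_Viewr66985110477892_Pdf[.]Client[.]exe"

# Constructed sample paths for the demo; only REPORTED comes from the report.
SAMPLE_PATHS = [
    r"C:\Users\alice\Downloads" + "\\" + REPORTED,
    r"C:\Program Files\Vendor\Vendor.Client.exe",
    r"C:\Users\bob\Downloads\scan_pdf.exe",
    r"C:\Users\bob\Documents\statement.pdf",
]

def refang(text):
    """Turn a defanged indicator (with '[.]') back into its literal form."""
    return text.replace("[.]", ".")

def basename(path):
    """Return the file name from a Windows or POSIX style path."""
    return re.split(r"[\\/]", refang(path))[-1]

def lure_reasons(path):
    """List the naming signals an executable shares with the reported file."""
    name = basename(path).lower()
    if not name.endswith(".exe"):
        return []  # only executables can be a disguised client
    reasons = []
    # Split the stem on dots, underscores, hyphens and spaces into segments.
    segments = re.split(r"[._\-\s]+", name[:-4])
    if DOC_TOKENS & set(segments):
        reasons.append("document word in an executable's name")
    if name.endswith(".client.exe"):
        reasons.append("'.Client.exe' suffix as in the reported file")
    return reasons

def triage(paths):
    """Return file names that show both signals; one alone is too noisy."""
    return [basename(p) for p in paths if len(lure_reasons(p)) == 2]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(basename(p), "->", lure_reasons(p) or "no match")
```

A name match is only a triage signal; confirming that a flagged file is an unauthorized ScreenConnect client still requires checking its signer and the relay host it is configured to contact.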
Silent Push believes that attackers are using social engineering tactics, such as SMS messages, phone calls, and emails, to trick victims into installing the malicious ScreenConnect client. Once installed, the attackers can gain access to the victim’s files and maintain persistence on the compromised system.
A key element of this campaign is the use of Bulletproof Hosting (BPH) providers, which are known for turning a blind eye to cybercriminal activity. These offshore hosting services are often used to run phishing websites, malware distribution campaigns, and command-and-control (C2) servers with little risk of takedown.
Silent Push’s research identified multiple BPH providers being leveraged in this ScreenConnect campaign. However, they have withheld specific names for operational security reasons, promising a detailed report on BPH infrastructure later this year.
For cybercriminals, BPH providers offer anonymity, resilience, and low risk of law enforcement action, making them a core enabler of modern cybercrime operations.