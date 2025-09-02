Hackers are increasingly turning workplace collaboration tools into a weapon. A new campaign has targeted more than 900 organisations worldwide by tricking employees with fake Zoom and Microsoft Teams invites. The aim was not to steal passwords but to silently take over entire systems by deploying ConnectWise ScreenConnect, a legitimate remote monitoring and management (RMM) tool misused for malicious purposes.

According to researchers at Abnormal Security, the attack begins with a phishing email that looks like a real meeting request. Once clicked, employees are asked to install ConnectWise ScreenConnect, a remote access tool normally used by IT teams. Instead of fixing problems, hackers use it to spy on workplace activity and take control of systems.

This campaign signals a dangerous change in hacker strategy. Instead of breaking through security defences, criminals are repurposing trusted enterprise tools to bypass detection. Such methods make it harder for traditional security systems to flag unusual behaviour, since the activity resembles legitimate IT support.

Researchers found that the campaign is especially targeting education and religious groups (14.4%), healthcare and pharma (9.7%), and financial services (9.4%). Other industries such as insurance, retail, legal, and manufacturing are also being affected. Most victims are in the US, UK, Canada, and Australia.

What makes this attack more dangerous is the growing black market behind it. On dark web marketplaces, “attack kits” with ScreenConnect are being sold for a few thousand dollars. Stolen company logins are resold for $500 to $2,000, while full custom packages with training and support cost up to $6,000. This effectively turns the misuse of remote access software into a “RAT-as-a-Service” (Remote Access Trojan-as-a-Service) business.

Experts believe organisations must urgently rethink how they defend against these attacks. Traditional tools alone are no longer enough. To defend against such threats, companies are being urged to strengthen email filtering, system monitoring, and employee awareness. Adopting zero-trust policies, where no user is trusted by default, can also reduce risks. But the most important step is training staff to recognise suspicious meeting invites before they click.