Yet another legitimate enterprise software platform is being abused by various cybercriminals to deploy malware and ransomware to unsuspecting victims. Cybersecurity researchers from The DFIR Report have observed multiple threat actors using Action1 RMM, an otherwise benign remote desktop monitoring and management solution. 

Just as any othe remote management tool out there, Action1 is used by managed service providers (MSPs) and other IT teams to manage endpoints (opens in new tab) in a network from a remote location. They can use it to handle software patches, software installation, troubleshooting, and similar.