Back

Phishing Campaign Exploits LogMeIn Resolve and ScreenConnect Tools

Severity: Medium (Score: 51.9)

Sources: Gbhackers, Cybersecuritynews

Summary

Threat actors are leveraging the legitimate remote monitoring and management tools LogMeIn Resolve and ScreenConnect in a sophisticated phishing campaign. This multi-stage attack combines social engineering tactics with stealthy information-stealing malware. Sophos’ Managed Detection and Response (MDR) teams first detected this activity in April 2025, with a significant increase in malicious activity noted between October and November 2025. The campaign targets organizations primarily in the United States, aiming to bypass security defenses by using trusted software. Specific details regarding the number of affected organizations or systems have not been disclosed. The current status indicates ongoing exploitation of these tools in phishing attempts. Security professionals are advised to remain vigilant against such tactics. Key Points: • Threat actors are exploiting LogMeIn Resolve and ScreenConnect in phishing campaigns. • The campaign blends social engineering with information-stealing malware. • Most malicious activity was observed between October and November 2025.

Key Entities

  • Malware (attack_type)
  • Phishing (attack_type)
  • United States (country)
  • T1566 - Phishing (mitre_attack)
  • LogMeIn Resolve (tool)
  • ScreenConnect (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed