Intel Name: Qilin affiliates spear-phish msp screenconnect admin, targeting customers downstream
Date of Scan: April 11, 2025
Impact: High
Summary: In late January 2025, a Managed Service Provider (MSP) administrator received a convincing phishing email disguised as an authentication alert for their ScreenConnect Remote Monitoring and Management (RMM) tool. The phishing attempt successfully compromised the administrator’s credentials, allowing Qilin ransomware operators to gain access and launch attacks against the MSP’s clients.
