Vulnerable remote desktop protocol ports targeted via phishing campaigns have been leveraged by threat actors to facilitate initial network access and the deployment of remote access tools, noted the agencies in a joint cybersecurity advisory. “After SmokeLoader’s hidden payload is downloaded onto the victim’s system, threat actors use the malware’s functionality to download the Phobos payload and exfiltrate data from the compromised system,”

Source: SC Magazine