Throughout 2018 and 2019, malicious cyber actors used desktop sharing software to facilitate a range of network intrusion activities, using both authorized and unauthorized installations to gain control of victim systems and access to otherwise inaccessible files. Desktop sharing software has multiple legitimate uses, enabling telework, tech support, and file transfers, but can also be exploited through malicious actors’ use of social engineering tactics and other illicit measures. Specifically, cyber actors typically convince victims to voluntarily download and install the desktop sharing software, often through the guise of providing technical support or with the assistance of corrupt insiders. Cyber actors also use stolen credentials to access victim systems through existing desktop sharing software installations. This gives cyber actors complete control over an affected system, enabling them to perform a range of malicious activities.