Researchers from AhnLab have observed some unidentified threat actors use PlugX to exploit well-known flaws in remote desktop software to get complete control over the infected system. Several other threats, including the Sliver backdoor, Gh0st RAT, and XMRig coinminer, have abused the bugs in previous attacks. To prevent such threats, organizations are suggested to regularly review and update their security posture, and keep all the software updated.