APT / THREAT GROUP

RMS

5
aliases
Last seen:Mar 17, 2026

Intelligence Profile

CyberInt states that Remote Manipulator System (RMS) is a legitimate tool developed by Russian organization TektonIT and has been observed in campaigns conducted by TA505 as well as numerous smaller campaigns likely attributable to other, disparate, threat actors. In addition to the availability of commercial licenses, the tool is free for non-commercial use and supports the remote administration of both Microsoft Windows and Android devices.

Threat Analysis

RMS is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning RMS

External References

Quick Facts

TypeAPT / Threat Group
Aliases5

Also Known As

GussdoorRMSRemote Manipulator SystemRuRATwin.rms

External Intelligence

Malpedia: win.rms

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.