Attackers hit MSP, use its RMM software to deliver ransomware to clients
2025-05-28 11:11

A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via SimpleHelp, a legitimate remote monitoring and management (RMM) tool. “Sophos MDR has medium confidence the threat actor exploited a chain of vulnerabilities that were released in January 2025,” the company’s incident responders shared on Tuesday. The vulnerabilities in question are CVE-2024-57727, CVE-2024-57728 and CVE-2024-57726, which can be used to compromise SimpleHelp …

Source: Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/05/28/attackers-hit-msp-use-its-rmm-software-to-deliver-ransomware-to-clients/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2025-01-15 | CVE-2024-57728 | Link Following vulnerability in Simple-Help Simplehelp | 7.2
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e.
network, low complexity, simple-help, CWE-59

2025-01-15 | CVE-2024-57727 | Path Traversal vulnerability in Simple-Help Simplehelp | 7.5
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests.
network, low complexity, simple-help, CWE-22

2025-01-15 | CVE-2024-57726 | Unspecified vulnerability in Simple-Help Simplehelp | critical, 9.9
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions.
network, low complexity, simple-help