A managed service provider (MSP) and its clients were compromised through the exploitation of vulnerabilities in SimpleHelp remote management software, leading to a DragonForce ransomware attack. The threat actors used chained bugs to gain full system access, exfiltrate data, and deploy ransomware, affecting multiple organizations.
Key points
- A threat actor exploited three vulnerabilities in SimpleHelp RMM software to gain initial access.
- The vulnerabilities, tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726, allowed privilege escalation and data retrieval.
- SimpleHelp released patches in mid-January, but attackers began chaining the flaws two weeks later.
- The attackers compromised an MSP’s deployment, collecting customer device information and sensitive data.
- The DragonForce ransomware group, which operates as a ransomware-as-a-service (RaaS), targeted several organizations, including US and UK retailers.
Read More: https://www.securityweek.com/dragonforce-ransomware-hackers-exploiting-simplehelp-vulnerabilities/