CyberSecurity news

FlagThis

@www.bleepingcomputer.com //
Hackers are actively exploiting vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to compromise systems and potentially deploy ransomware. Cybersecurity firm Field Effect has confirmed these exploits and released a report detailing the post-exploitation activity. The vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, allow attackers to create administrator accounts and drop backdoors, laying the groundwork for further malicious activities.

Field Effect identified a breach where threat actors exploited these vulnerabilities in the SimpleHelp RMM client to infiltrate a targeted network. Following initial access, attackers execute discovery commands to gather system and network data. They then establish persistence by creating new administrator accounts and deploying the Sliver malware, a post-exploitation framework gaining popularity as a Cobalt Strike alternative. Once deployed, Sliver waits for further commands, enabling attackers to compromise the domain controller and potentially distribute malicious software.
Original img attribution: https://www.bleepstatic.com/content/hl-images/2023/09/12/hacker-staring.jpg
ImgSrc: www.bleepstatic

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • Security Risk Advisors: Threat Actors Exploit SimpleHelp RMM Vulnerabilities to Deploy Ransomware
  • The Hacker News: The Hacker News - Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
  • www.bleepingcomputer.com: Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks.
  • Blog: Threat actors exploiting #SimpleHelp RMM #vulnerabilities to deploy #ransomware The post appeared first on .
  • www.scworld.com: Sliver malware spread via SimpleHelp RMM exploits
  • fieldeffect.com: Threat actors exploiting #SimpleHelp RMM #vulnerabilities to deploy #ransomware
  • gbhackers.com: Hackers Exploiting SimpleHelp Vulnerabilities to Deploy Malware on Systems
  • gbhackers.com: Hackers Exploiting SimpleHelp Vulnerabilities to Deploy Malware on Systems
Classification: