2025-02-23 10:16:41 Pacfic
SimpleHelp RMM Exploits Lead to Ransomware Deployment - 14d
Hackers are actively exploiting vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to compromise systems and potentially deploy ransomware. Cybersecurity firm Field Effect has confirmed these exploits and released a report detailing the post-exploitation activity. The vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, allow attackers to create administrator accounts and drop backdoors, laying the groundwork for further malicious activities.
Field Effect identified a breach where threat actors exploited these vulnerabilities in the SimpleHelp RMM client to infiltrate a targeted network. Following initial access, attackers execute discovery commands to gather system and network data. They then establish persistence by creating new administrator accounts and deploying the Sliver malware, a post-exploitation framework gaining popularity as a Cobalt Strike alternative. Once deployed, Sliver waits for further commands, enabling attackers to compromise the domain controller and potentially distribute malicious software.
ImgSrc: www.bleepstatic.com
References:
- Security Risk Advisors - Threat Actors Exploit SimpleHelp RMM Vulnerabilities to Deploy Ransomware - 14d
- The Hacker News - The Hacker News - Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware - 14d
- www.bleepingcomputer.com - Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. - 14d
- Blog - Threat actors exploiting #SimpleHelp RMM #vulnerabilities to deploy #ransomware The post appeared first on . - 14d
- SCM feed for Threat Management - Sliver malware spread via SimpleHelp RMM exploits - 14d
- fieldeffect.com - Threat actors exploiting #SimpleHelp RMM #vulnerabilities to deploy #ransomware - 13d
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Hackers Exploiting SimpleHelp Vulnerabilities to Deploy Malware on Systems - 13d
- gbhackers.com - Hackers Exploiting SimpleHelp Vulnerabilities to Deploy Malware on Systems - 13d
Classification:
- HashTags: SimpleHelpRMM Vulnerability Ransomware
- Company: SimpleHelp
- Target: Corporate Networks
- Product: SimpleHelp RMM
- Feature: Exploitation
- Type: Ransomware
- Severity: Major