CyberSecurity updates
2025-02-23 12:09:46 Pacific

SimpleHelp RMM Exploits Lead to Ransomware Deployment - 14d

Threat actors are exploiting vulnerabilities in SimpleHelp RMM software to gain initial access, establish persistent remote access, and potentially deploy ransomware. The vulnerabilities allow attackers to create administrator accounts, drop backdoors, and execute various discovery commands. Field Effect has observed attack TTPs similar to those of the Akira ransomware group, but does not make that assessment with high confidence because the same TTPs could be adopted by other threat actors.

Active Exploitation of SimpleHelp RMM Flaws Escalates Malware Deployment - 14d

Multiple threat actors are actively exploiting vulnerabilities in SimpleHelp’s Remote Monitoring and Management (RMM) software to infiltrate networks and deploy malware, including the Sliver backdoor and ransomware. The vulnerabilities, tracked as CVE-2024-NNNN, allow attackers to gain initial access and maintain persistent remote access to targeted systems. Field Effect has released an analysis detailing the exploitation techniques observed in these attacks.