Ransomware attacks against the customers of a utility billing service provider have targeted SimpleHelp remote monitoring and management (RMM) instances vulnerable to the high-severity path traversal flaw tracked as CVE-2024-57727, the Cybersecurity and Infrastructure Security Agency reported, according to The Register.
Infiltration of organizations' SimpleHelp RMM instances facilitated service interruptions and double extortion activity, CISA said in an advisory urging immediate remediation of the vulnerability, which ransomware operations have abused since January. The alert comes after the FBI, CISA, and the Australian Cyber Security Centre reported that the Play ransomware group had leveraged the SimpleHelp bug in attacks involving the theft and encryption of victims' data. The DragonForce ransomware gang has also used the vulnerability to breach a managed service provider and its clients, according to a report from Sophos.