
Threat actors exploit SimpleHelp RMM flaws for network access


Cybercriminals are reportedly exploiting recently patched security flaws in SimpleHelp Remote Monitoring and Management software to infiltrate target networks, according to BleepingComputer.

The vulnerabilities were disclosed by researchers at Horizon3 and are tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728. They enable attackers to upload and download files and elevate privileges to administrator levels. Patches for the flaws were released between Jan. 8 and 13 in SimpleHelp versions 5.5.8, 5.4.10, and 5.3.9.

However, security firm Arctic Wolf reported that it observed an attack campaign approximately one week after Horizon3’s disclosure that suggests threat actors may be exploiting these weaknesses. The company noted with medium confidence that the flaws are linked to the attacks and strongly recommends updating SimpleHelp to the latest versions. According to Arctic Wolf, the attackers targeted devices that already had the SimpleHelp process running in the background and proceeded to conduct intelligence-gathering activities before performing privilege escalation and lateral movement. However, the attack was interrupted before further exploitation.

Shadowserver Foundation said it has identified 580 vulnerable SimpleHelp instances exposed online, with 345 located in the United States. Users are being advised to install the latest patches and remove SimpleHelp clients that are no longer actively used to minimize security risks.
