
Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks

TLP WHITE – January 29, 2025

Recent reporting indicates that threat actors are exploiting patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to gain unauthorized access to private networks. These vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were discovered by Horizon3 researchers in late December 2024 and disclosed to SimpleHelp on January 6, prompting the company to release patches. The flaws were publicly disclosed after the patches were released on January 13, 2025.

This campaign highlights the importance of patch management, as threat actors use exploits within a week of public disclosure. 

The vulnerabilities identified in SimpleHelp RMM could allow attackers to manipulate files and escalate privileges to the administrative level. A threat actor could chain these vulnerabilities in an attack to gain administrative access to the vulnerable server and then use that access to compromise the device running vulnerable SimpleHelp client software.
