Skip to main content

Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks

|

TLP WHITE –

Update January 30, 2025

Health-ISAC, in collaboration with AHA, has identified attempted and ongoing ransomware attacks potentially due to SimpleHelp remote monitoring and management (RMM) software vulnerabilities.  Based on the potential threat and impact on patient care, the AHA worked with Health-ISAC to ensure this bulletin is distributed widely to the health sector.  
 
It is strongly recommended that all instances of the SimpleHelp application, especially within health care organizations, be identified and appropriate patches be applied per the bulletin guidance. It is also strongly recommended that health care organizations ensure that all third-party and business associates using SimpleHelp also apply appropriate patches.

January 29, 2025

Recent reporting indicates that threat actors are exploiting patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to gain unauthorized access to private networks. These vulnerabilities tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were discovered by Horizon3 researchers in late December 2024 and disclosed to SimpleHelp on January 6, prompting the company to release patches. The flaws were publicly disclosed after the patches were released on January 13, 2025.

This campaign highlights the importance of patch management, as threat actors use exploits within a week of public disclosure. 

The vulnerabilities identified in SimpleHelp RMM could allow attackers to manipulate files and escalate privileges to administrative. A threat actor could chain these vulnerabilities in an attack to gain administrative access to the vulnerable server and then use that access to compromise the device running vulnerable SimpleHelp client software. 

TLPWHITE Cb3ee67f Simplehelp Rmm Software Leveraged In Exploitation Attempt To Breach Networks
Size : 139.4 kB Format : PDF

 

This site is registered on Toolset.com as a development site.