Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
Briefly

Threat actors have exploited recently patched security flaws in SimpleHelp's RMM software, leading to unauthorized access and potential ransomware deployment. Cybersecurity experts reported that the vulnerabilities CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 were used to gain access to a targeted network. The attackers then carried out various post-exploitation actions, including creating administrator accounts and maintaining persistent access. These findings confirm earlier warnings that the vulnerabilities are being actively exploited as part of ransomware attack strategies that might target vulnerable systems globally.
The attack involved the quick and deliberate execution of several post-compromise tactics, techniques and procedures (TTPs), including network and system discovery, administrator account creation, and the establishment of persistence mechanisms.
Successful exploitation of the security holes could allow for information disclosure, privilege escalation, and remote code execution.
Read at The Hacker News