The DragonForce ransomware group exploited three vulnerabilities in the SimpleHelp platform to breach the systems of a major Managed Service Provider (MSP).
The attack involved deploying the ransomware via a legitimate SimpleHelp remote monitoring and management (RMM) instance that the MSP operated for its clients.
Sophos MDR researchers discovered the incident after spotting a suspicious installation of a SimpleHelp file on the MSP's system, leading to a ransomware infection.
The DragonForce hackers used the MSP's RMM access to gather information on multiple customer estates managed by the MSP, including device names, configurations, users, and network connections.