The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on the systems of downstream customers.
Sophos was brought in to investigate the attack and believes the threat actors exploited a chain of older SimpleHelp vulnerabilities tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 to breach the system.
SimpleHelp is a commercial remote support and access tool commonly used by MSPs to manage systems and deploy software across customer networks.
The report by Sophos says the threat actors first used SimpleHelp to perform reconnaissance on customer systems, such as collecting information about the MSP's customers, including device names and configurations, users, and network connections.
The threat actors then attempted to steal data and deploy encryptors on the customer networks. These attempts were blocked on one of the networks by Sophos endpoint protection. However, other customers were not so lucky, with devices encrypted and data stolen for double-extortion attacks.
Sophos has shared IOCs related to this attack to help organizations better defend their networks.
MSPs have long been a valuable target for ransomware gangs, as a single breach can lead to attacks on many companies. Some ransomware affiliates have specialized in the tools used by MSPs, such as SimpleHelp, ConnectWise ScreenConnect, and Kaseya.
This has led to devastating attacks, including REvil’s massive ransomware attack on Kaseya, which affected more than 1,000 companies.
DragonForce gains notoriety after UK retail attacks
The DragonForce ransomware gang has recently gained notoriety after being linked to a wave of high-profile retail breaches, including threat actors using Scattered Spider tactics.
As first reported by BleepingComputer, the group’s ransomware was deployed in attacks on United Kingdom retailer Marks & Spencer. Soon after, the same threat actors breached another UK retailer, Co-op, which confirmed that a significant amount of customer data was stolen.
BleepingComputer earlier reported that DragonForce is trying to create a “cartel” by offering a white-label ransomware-as-a-service (RaaS) model, allowing affiliates to deploy rebranded versions of its encryptor.
With its increasingly affiliate-friendly approach and growing list of victims, DragonForce is quickly becoming a major player in the ransomware landscape.