Hackers Exploit SimpleHelp RMM Vulnerabilities to Breach Networks

Hackers are actively targeting vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to infiltrate networks. These flaws allow attackers to download/upload files and gain admin-level access. While patches are available, unpatched systems remain at risk.

• Vulnerabilities Exploited:
  The flaws, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, let hackers manipulate files and escalate privileges to admin levels. Patches were released in SimpleHelp versions 5.5.8, 5.4.10, and 5.3.9.
• Ongoing Attacks:
  A hacking campaign targeting SimpleHelp servers began shortly after the vulnerabilities were disclosed. Around 580 vulnerable systems are exposed online, with 345 located in the U.S.

• How Attacks Work:
  Attackers hijack the SimpleHelp client to connect it to unauthorized servers. Once inside, they use commands like net and nltest to gather system details, such as user accounts, shared resources, and Active Directory information.
• What You Should Do:
  - Update immediately to the latest patched versions of SimpleHelp.
  - Uninstall any unused SimpleHelp clients to reduce the risk of attacks.

The exploitation of SimpleHelp RMM vulnerabilities is a reminder to act fast on security updates and remove unused software. Net Protector urges all users to patch their systems and eliminate unnecessary tools to stay protected.