“If a threat actor chains these vulnerabilities together and gains administrative access to a SimpleHelp server, they could theoretically use it to compromise devices running the SimpleHelp client software.”

“The installer was pushed via a legitimate SimpleHelp RMM instance, hosted and operated by the MSP for their clients,” reads the report published by Sophos. “The attacker also used their access through the MSP’s RMM instance to gather information on multiple customer estates managed by the MSP, including collecting device names and configuration, users, and network connections.”

Author: Pierluigi Paganini
Published at: 2025-05-27 21:43:41