H-ISAC TLP White Threat: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks

Recent reporting indicates that threat actors are exploiting patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to gain unauthorized access to private networks. These vulnerabilities tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were discovered by Horizon3 researchers in late December 2024 and disclosed to SimpleHelp on January 6, prompting the company to release patches. The flaws were publicly disclosed after the patches were released on January 13, 2025.

This campaign highlights the importance of patch management, as threat actors use exploits within a week of public disclosure. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Advisory
SimpleHelp Remote Access Software Vulnerable to Ransomware Attacks
Public
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part Four
Public
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part Three
Public
Advancing Health Podcast
Effective Strategies to Combat Burnout and Promote Wellness in Health Care: Insights from Corewell Health
Public
Advisory
AHA Member Advisory with Resources for Hospitals and Health Systems
Member
AHA Center for Health Innovation Market Scan
Assessing the Health Care Environment for 2025
Public