
Federal cybersecurity officials report that ransomware gangs are targeting a flaw in SimpleHelp remote access software amid a wave of recent attacks.
CISA has issued a warning that hackers exploited CVE-2024-57727 in SimpleHelp tools to breach a utility billing software provider’s customer base.
Officials at CISA refused to elaborate on when the advisory was issued or which attacks were involved.
IT professionals often use SimpleHelp, a remote access solution that allows them to control and manage computers regardless of location.
“This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp…since January 2025,” CISA said.
Federal officials believe ransomware gangs used CVE-2024-57727 to target unpatched SimpleHelp tools, impacting customers in double-extortion attacks.
First cataloged by CISA in February, CVE-2024-57727 remains a top concern, with the agency urging rapid patching by vendors, customers, and end users.
Law enforcement reports that Play ransomware affiliates continue using a known SimpleHelp vulnerability to breach U.S. networks. The ongoing misuse of remote access tools like SimpleHelp is raising red flags among defenders.