ctipilot.chSwitzerland · Europe · Public sector

DragonForce — ransomware-as-a-service operator exploiting SimpleHelp RMM

actor · actor:DragonForce

Coverage timeline
1
first 2026-05-07 → last 2026-05-07
Briefs
1
1 distinct
Sources cited
6
4 hosts
Sections touched
1
active_vulns
Co-occurring entities
0
no co-occurrence

Story timeline

  1. 2026-05-07CTI Daily Brief — 2026-05-07
    active_vulnsFirst coverage. Weaponised CVE-2024-57726 and CVE-2024-57728 in SimpleHelp RMM to target MSPs; CISA KEV listing confirmed active exploitation.

Where this entity is cited

  • active_vulns1

Source distribution

  • nvd.nist.gov3 (50%)
  • helpnetsecurity.com1 (17%)
  • securityboulevard.com1 (17%)
  • windowsforum.com1 (17%)

All cited sources (6)

Items in briefs about DragonForce — ransomware-as-a-service operator exploiting SimpleHelp RMM

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.