Threatcluster
Medusa and DragonForce Ransomware Exploit RMM Tools in 2025 UK Attacks
First seen 30 Nov 2025, 12:41 UTC
•



+2
•75% similarity
•52.4
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
In 2025, ransomware groups Medusa and DragonForce targeted UK organizations by exploiting three critical vulnerabilities in the SimpleHelp Remote Monitoring and Management platform. These vulnerabilities (CVE-2024-57726, CVE-2024-57727, CVE-2024-57728) allowed unauthorized access through trusted third-party vendors and Managed Service Providers.
ThreatCluster AI