Ransomware Groups Medusa and DragonForce Exploit RMM Tools in 2025 Attacks
First seen 11 Nov 2025, 11:18 UTC
•
•83% similarity
•52
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
In 2025, ransomware groups Medusa and DragonForce targeted UK organizations by exploiting vulnerabilities in the SimpleHelp Remote Monitoring and Management platform. They leveraged three critical vulnerabilities (CVE-2024-57726, CVE-2024-57727, CVE-2024-57728) to gain unauthorized access through trusted third-party vendors and Managed Service Providers.
ThreatCluster AI