DragonForce, a ransomware "cartel" that has gained significant popularity since its debut in 2023, attacked an MSP as part of a recent supply chain attack, via known SimpleHelp bugs.
May 27, 2025 By Alexander Culafi
The DragonForce ransomware gang attacked a managed service provider's (MSP) remote monitoring and management (RMM) tool in order to conduct a supply chain attack.
This news comes from Sophos, which today published research concerning an unnamed MSP and an attack conducted by DragonForce, a gang that emerged in 2023 and has become known for its unique ransomware-as-a-service (RaaS) scheme. The group exploited a chain of three vulnerabilities in the remote monitoring and management (RMM) tool SimpleHelp before deploying its ransomware at multiple endpoints and hitting downstream customers.
The MSP supply chain attack marks only the latest activity of a group that is quickly becoming one of the more popular options for affiliate hackers in the criminal underworld.
