Ransomware attacks have evolved: the Medusa and DragonForce groups are exploiting vulnerabilities in the SimpleHelp platform to compromise organizations indirectly. They use trusted Managed Service Providers (MSPs) as the route past their targets' security, marking a notable shift in ransomware tactics. By accessing supplier-controlled remote monitoring infrastructure, attackers can bypass traditional defenses, posing significant risks to numerous organizations.
Zensec identified coordinated attacks beginning in early 2025, with Medusa's campaign in Q1 and DragonForce following in Q2. Both groups employed sophisticated methods to gain control of systems, including disabling security mechanisms and exfiltrating sensitive data before deploying ransomware. Medusa implemented advanced evasion techniques, using tools like PDQ Deploy to systematically disable Microsoft Defender, while DragonForce focused on gaining persistent access through local admin accounts and undermining backup systems. This new approach illustrates an increased level of operational sophistication in ransomware deployment.
👉 Read the original: Cyber Security News