// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / SimpleHelp
Breach Record

SimpleHelp

DISCLOSED 2025-05-27 · SUPPLY CHAIN · RANSOMWARE

The DragonForce ransomware group has been observed abusing SimpleHelp remote access software in a supply chain attack targeting managed service providers. The attack leverages compromised MSP infrastructure to deploy ransomware on downstream customer systems. Specific details on data exposure or the initial access vector are not provided.

The record

What we know

Disclosed
2025-05-27
Attack vector
Supply Chain
Sector
technology
Domain
simple-help.com
RANSOMWARE ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

Insufficient details on the initial compromise method to determine if a positive-security model would have prevented the attack.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other supply chain breaches on file

This page is the permanent ColdRecon entry for the SimpleHelp disclosure. It updates if new public reporting emerges. All tracked breaches →

SimpleHelp just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →