Arctic Wolf
Organisation · US

Detection vendor that observed DragonForce using SimpleHelp RMM as initial access vector.

Last refreshed: 8 May 2026 · Appears in 1 active topic

Key Question

How many organisations are running unpatched SimpleHelp that DragonForce can now access?

Timeline for Arctic Wolf

#3 · 19 Apr

KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief

Cybersecurity: Threats and Defences
Common Questions
What did Arctic Wolf find about DragonForce ransomware?
Arctic Wolf observed DragonForce affiliates using SimpleHelp RMM vulnerabilities CVE-2024-57726 and CVE-2024-57728 as initial access vectors, exploiting the remote monitoring tool to gain a foothold in victim networks. Source: Arctic Wolf
What is Arctic Wolf and how does managed detection work?
Arctic Wolf provides managed detection and response (MDR) as a subscription, deploying sensors into customer environments and running security operations on their behalf. Founded in 2012, it serves mid-market organisations that lack in-house SOC capability.
What is managed detection and response and is Arctic Wolf a good choice?
Managed detection and response (MDR) means a third party runs continuous security monitoring and incident response on behalf of an organisation. Arctic Wolf targets mid-market customers who lack in-house SOC capability, deploying sensors into customer environments and operating the detection function as a subscription service.
How is Arctic Wolf connected to The Gentlemen ransomware investigation?
Arctic Wolf's MDR telemetry identified DragonForce affiliates using SimpleHelp RMM vulnerabilities CVE-2024-57726 and CVE-2024-57728 as initial access vectors within The Gentlemen RaaS ecosystem. This forensic finding confirmed how the group entered victim networks in the May 2026 reporting period. Source: Arctic Wolf

Background

Arctic Wolf is a US-based cybersecurity firm providing managed detection and response (MDR) services and security operations as a subscription. In the U#3 reporting period, Arctic Wolf observed the DragonForce ransomware affiliate using SimpleHelp RMM vulnerabilities CVE-2024-57726 and CVE-2024-57728 as an initial access vector — part of The Gentlemen RaaS ecosystem's documented attack chains.

Arctic Wolf operates a cloud-native security operations platform and processes billions of security events daily from its customer base of mid-market and enterprise organisations. The company was founded in 2012 and has raised substantial venture capital, reaching a valuation exceeding $4 billion. Its MDR model differs from traditional vendors in that it deploys sensors into customer environments and runs the detection and response function on behalf of clients who lack in-house security operations capacity.

The SimpleHelp observation illustrates how legitimate remote-monitoring-and-management (RMM) tools are being weaponised as initial access vectors — a trend documented by NHS Digital's 2025 cyber alert and increasingly tracked by government agencies. Arctic Wolf's MDR telemetry provides visibility into SME and mid-market networks that are under-represented in enterprise-focused threat intelligence.

Source Material