Skip to content
You can now search across every topic, entity and event.What's new
Arctic Wolf
OrganisationUS

Arctic Wolf

Detection vendor that observed DragonForce using SimpleHelp RMM as initial access vector.

Last refreshed: 8 May 2026 · Appears in 1 active topic

Key Question

How many organisations are running unpatched SimpleHelp that DragonForce can now access?

Timeline for Arctic Wolf

#319 Apr

KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief

Cybersecurity: Threats and Defences
View full timeline →
Common Questions
What did Arctic Wolf find about DragonForce ransomware?
Arctic Wolf observed DragonForce affiliates using SimpleHelp RMM vulnerabilities CVE-2024-57726 and CVE-2024-57728 as initial access vectors, exploiting the remote monitoring tool to gain a foothold in victim networks.Source: Arctic Wolf
What is Arctic Wolf and how does managed detection work?
Arctic Wolf provides managed detection and response (MDR) as a subscription, deploying sensors into customer environments and running security operations on their behalf. Founded in 2012, it serves mid-market organisations that lack in-house SOC capability.
What is managed detection and response and is Arctic Wolf a good choice?
Managed detection and response (MDR) means a third party runs continuous security monitoring and Incident Response on behalf of an organisation. Arctic Wolf targets mid-market customers who lack in-house SOC capability, deploying sensors into customer environments and operating the detection function as a subscription service.

Background

Arctic Wolf is a US-based cybersecurity firm providing managed detection and response (MDR) services and security operations as a subscription. In the U#3 reporting period, Arctic Wolf observed the DragonForce ransomware affiliate using SimpleHelp RMM vulnerabilities CVE-2024-57726 and CVE-2024-57728 as an initial access vector — part of The Gentlemen RaaS ecosystem's documented attack chains.

Arctic Wolf operates a cloud-native security operations platform and processes billions of security events daily from its customer base of mid-market and enterprise organisations. The company was founded in 2012 and has raised substantial venture capital, reaching a valuation exceeding $4 billion. Its MDR model differs from traditional vendors in that it deploys sensors into customer environments and runs the detection and response function on behalf of clients who lack in-house security operations capacity.

The SimpleHelp observation illustrates how legitimate remote-monitoring-and-management (RMM) tools are being weaponised as initial access vectors — a trend documented by NHS Digital's 2025 cyber alert and increasingly tracked by government agencies. Arctic Wolf's MDR telemetry provides visibility into SME and mid-market networks that are under-represented in enterprise-focused threat-intelligence.

More questions
How is Arctic Wolf connected to The Gentlemen ransomware investigation?
Arctic Wolf's MDR telemetry identified DragonForce affiliates using SimpleHelp RMM vulnerabilities CVE-2024-57726 and CVE-2024-57728 as initial access vectors within The Gentlemen RaaS ecosystem. This forensic finding confirmed how the group entered victim networks in the May 2026 reporting period.Source: Arctic Wolf
Source Material