
Arctic Wolf
Detection vendor that observed DragonForce using SimpleHelp RMM as initial access vector.
Last refreshed: 8 May 2026 · Appears in 1 active topic
How many organisations are running unpatched SimpleHelp that DragonForce can now access?
Timeline for Arctic Wolf
KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
Cybersecurity: Threats and DefencesWhat did Arctic Wolf find about DragonForce ransomware?
What is Arctic Wolf and how does managed detection work?
What is managed detection and response and is Arctic Wolf a good choice?
Background
Arctic Wolf is a US-based cybersecurity firm providing managed detection and response (MDR) services and security operations as a subscription. In the U#3 reporting period, Arctic Wolf observed the DragonForce ransomware affiliate using SimpleHelp RMM vulnerabilities CVE-2024-57726 and CVE-2024-57728 as an initial access vector — part of The Gentlemen RaaS ecosystem's documented attack chains.
Arctic Wolf operates a cloud-native security operations platform and processes billions of security events daily from its customer base of mid-market and enterprise organisations. The company was founded in 2012 and has raised substantial venture capital, reaching a valuation exceeding $4 billion. Its MDR model differs from traditional vendors in that it deploys sensors into customer environments and runs the detection and response function on behalf of clients who lack in-house security operations capacity.
The SimpleHelp observation illustrates how legitimate remote-monitoring-and-management (RMM) tools are being weaponised as initial access vectors — a trend documented by NHS Digital's 2025 cyber alert and increasingly tracked by government agencies. Arctic Wolf's MDR telemetry provides visibility into SME and mid-market networks that are under-represented in enterprise-focused threat-intelligence.