216.73.217.139

Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations

· Published 12/02/2026 10:39 · Modified 12/02/2026 21:53

Export JSON

Essential information

Published
12/02/2026 10:39
Modified
12/02/2026 21:53
Tags
2026-02-12 crazy crazy ransomware cryptocurrency employee monitoring net monitor ransomware remote access simplehelp voidcrypt vpn compromise
Related entities
8 observables, 4 others

Description

Threat actors have been observed exploiting for Employees Professional and software in operations. These legitimate tools were used for , command execution, and persistence. The attackers disguised as Microsoft OneDrive and configured with -related keyword triggers. In one case, the attack led to an attempted deployment of . The intrusions involved initial access through compromised VPN accounts, followed by the installation of these tools for remote control and monitoring. The shared infrastructure and tactics suggest a single threat actor or group behind these activities, with objectives including theft and deployment.

External references