Throughout March, analysts at Arete identified several distinct trends behind the threat actors perpetrating cybercrime activities:
- Akira was once again one of the top threat groups in March and has been the most active group observed each month since November 2024. Akira tied with INC Ransom, Luna Moth, and RansomHub for the top spot, and combined these groups were responsible for almost half of all ransomware and extortion engagements for the month.
- In March, Arete observed several threat groups, including INC Ransom and RansomHub, exploiting vulnerabilities in the SimpleHelp Remote Monitoring and Management (RMM) software. The vulnerabilities – CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 – affect SimpleHelp versions 5.5.7 and earlier and can allow for unauthenticated path traversal, remote code execution, and privilege escalation. A patch for these vulnerabilities can be found here
Related Resources
![]()
Browser Threats Evolve to Distribute Malware Through OneDrive and Microsoft Teams
Threat actors use a new browser cache smuggling technique to inject malware via OneDrive and Teams, bypassing EDR with DLL proxying and social engineering.
Read more![]()
RansomHub Leverages New “Betruger” Backdoor
Betruger is a custom backdoor used in RansomHub ransomware attacks. It streamlines hacking with built-in tools for keylogging, C2 uploads, and privilege escalation.
Read more![]()
AI Deep Dive Part 3: Understanding Biases & How Threat Actors Use AI
Protect your data from AI risks. Learn how to safeguard sensitive information, manage AI inputs, and store data securely.
Read more
