As fake updates target victims, Kaseya allegedly knew of exploited vulnerability in April
Users of software from Kaseya Ltd. are being targeted with fake updates following an attack by the REvil ransomware group, as it was revealed today that the company was allegedly informed in April of a vulnerability exploited in the ransomware attack by REvil.
Detected by researchers at Malwarebytes Labs, the campaign targets potential victims with spam that pushes Cobalt Strike payloads disguised as Kaseya VSA security updates.
Cobalt Strike is penetration testing software with legitimate uses, but it can also be used by bad actors to attack a company. As noted in November, when the source code for the software allegedly leaked, in the hands of hackers the software can be used to identify security issues that can be exploited.
Following Kaseya VSA attack, REvil ransomware gang demands $70M
It’s never a dull day in cybersecurity. How many companies have been affected is the question of the day following news yesterday that the REvil ransomware gang had exploited Kaseya VSA and taken down a Swiss supermarket.
The REvil ransomware gang has targeted companies using information technology management software from Kaseya Ltd. The attack, which came ahead of Independence Day in the U.S., targeted managed service providers using Kaseya VSA in a supply-chain attack. The first confirmed victim was Coop, a Swiss supermarket chain that was forced to close about 500 stores as their cash registers and other payment options were taken down.