Kaseya VSA Attack: REvil Returns and Other Hackers Are Riding Their Coattails
released on 2021-07-08 @ 09:50:12 AM
The attack leveraged the on-premises servers deployed by IT Management Software vendor Kaseya. It was initially thought that Kaseya might have been compromised themselves as a root cause -- similar to the compromises associated with SolarWinds software in December of 2020. Instead, the attackers found and leveraged an unpatched zero-day vulnerability in Kaseya's VSA software. At the time of this blog, 1,500 downstream customers of these MSPs have been infected with ransomware.