A vulnerability in software vendor Kaseya’s virtual system/server administrator (VSA) software has been exploited to deliver the “REvil” (aka Sodinokibi) ransomware to multiple managed service providers (MSPs) and their customers. This supply-chain attack reportedly exploited an authentication bypass vulnerability and delivered REvil via a fake security update. REvil reacted negatively to an Executive Order of US President Joe Biden, and it is realistically possible that this attack was retaliatory. Given that the attack occurred over the US Independence Day holiday weekend, and given the trust customers have placed in Kaseya’s VSA, REvil more likely focused its targeting on Kaseya rather than conducting an opportunistic attack. Any action taken by the US government in light of this attack is unlikely to slow down REvil’s operations, and more attacks are likely in the short-term future (within three months).
Want To Try Our Digital Risk Protection Tool?
Get Started FreeOther content in this Stream
Weekly Intelligence Summary 17 June 2022
Main story: Attackers seize Microsoft zero-day for malware dissemination, espionage
Weekly Intelligence Summary 29th Apr
Main story: Russian cyber attacks on Ukraine: Where’s the boom?
Weekly Intelligence Summary 22nd Apr
Main story: Karakurt Hacking Team moonlights as Conti side business
Weekly Intelligence Summary 14th Apr
RaidForums takedown sends cybercriminals scrambling
Weekly Intelligence Summary 25th Mar
Maverick extortionist group Lapsus$ goes after big tech
Weekly Intelligence Summary 18th Mar
US executive order pushes for responsible cryptocurrency use
Weekly Intelligence Summary 11th Mar
The Russia-Ukraine war has triggered a resurgence of hacktivism around the world
Weekly Intelligence Summary 4th Mar
The US government has issued an alert about the Iran-linked "MuddyWater" advanced persistent threat group
Weekly Intelligence Summary 25th Feb
Conti ransomware group aims to ascend with new tools, structure
Weekly Intelligence Summary 18th Feb
US DoJ arrests shine light on ease and impact of cryptocurrency laundering