A vulnerability in software vendor Kaseya’s virtual system/server administrator (VSA) software has been exploited to deliver the “REvil” (aka Sodinokibi) ransomware to multiple managed service providers (MSPs) and their customers. This supply-chain attack reportedly exploited an authentication bypass vulnerability and delivered REvil via a fake security update. REvil reacted negatively to an Executive Order of US President Joe Biden, and it is realistically possible that this attack was retaliatory. Given that the attack occurred over the US Independence Day holiday weekend, and given the trust customers have placed in Kaseya’s VSA, REvil more likely focused its targeting on Kaseya rather than conducting an opportunistic attack. Any action taken by the US government in light of this attack is unlikely to slow down REvil’s operations, and more attacks are likely in the short-term future (within three months).

×
Want these
Threat Intelligence reports sent straight to your inbox?
Subscribe below!
Thank you!
Error - something went wrong!
Most Recent Flipbooks
Weekly Intelligence Summary 21 October
Main story: Ransom Cartel and REvil: Partners in cybercrime?
Weekly Intelligence Summary 14 Oct
Main story: Hacktivists fan flames of Iranian anti-regime protests
Weekly Intelligence Summary 07 Oct
Main story: ProxyNotShell spells déjà vu for MS Exchange Server defenders
Weekly Intelligence Summary 30 Sept
Main story: Rogue ex-developer leaks LockBit 3.0 builder
Weekly Intelligence Summary 23 Sept
Main story: Uber compromised by Lapsus$'s resurgence
Weekly Intelligence Summary 16 Sept
Main story: Cyber attacks shock the Italian energy sector
Weekly Intelligence Summary 09 Sept
Main story: Back to school for students and ransomware groups
Weekly Intelligence Summary 02 Sept
Main story: LastPass suffers source code data breach