Affected Systems: All self-hosted VSA servers. The Kudelski Security Cyber Fusion Center and Kudelski Group were not affected, as this solution is not used internally or externally.

Once threat actors gained access to the VSA servers, they quickly locked legitimate users out of the systems and delivered a malicious payload to end-user systems via the compromised IT management tool. The threat actors appear to have gained access by abusing authentication bypass and command injection bugs in the management web UI. The attack was carried out by compromising self-hosted Kaseya VSA servers. As of this writing, the attack campaign has affected 60 IT MSPs and over 1500 end clients. On July 2nd, a large-scale supply chain attack by the REvil ransomware group affected multiple IT Managed Service Providers (MSPs) and leveraged the MSPs' Kaseya VSA instances to infect the MSPs' clients.