Kaseya VSA Attack

Released: Jul 05, 2021


Critical Severity

Attack Type


Exploited by REvil Ransomware

This report focuses on the Kaseya vulnerability itself; a separate, dedicated report is available for the REvil ransomware that exploits this vulnerability. The Kaseya VSA product is the victim of a sophisticated cyberattack that has caused many of its customers to be infected with ransomware. On July 2, the SaaS version was temporarily shut down, and Kaseya warned all its customers to immediately stop using the on-premise version until a patch is available. Nearly 40 of its MSP customers, who themselves manage hundreds or thousands of businesses, were reported hacked. https://www.nbcnews.com/tech/security/ransomware-attack-software-manager-hits-200-companies-rcna1338

Common Vulnerabilities and Exposures

CVE-2021-30116

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


The US-CERT guidance is published at:
https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa


Kaseya has released patches for their VSA server. Kaseya has released a Compromise Detection Tool, which can be downloaded at the following link:
https://kaseya.app.box.com/s/p9b712dcwfsnhuq2jmx31ibsuef6xict
More incident details have been provided at:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403584098961
The VSA on-premise runbook is provided at:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993
The VSA SaaS runbook is provided at:
https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369
July 11: Kaseya released the final patch for VSA on-premise deployments and started upgrading SaaS instances.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Vulnerability

  • IPS

DETECT
  • Outbreak Detection

  • Threat Hunting

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise