March 21, 2023

Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates.

Malicious emails sent as part of this campaign come with a malicious attachment and an embedded link designed to look like a Microsoft patch for the Kaseya VSA zero-day exploited in the REvil ransomware attack.

“It contains an attachment named ‘SecurityUpdates.exe’ as well as a link pretending to be security update from Microsoft to patch Kaseya vulnerability!”

The attackers gain persistent remote access to the targets systems once they run the malicious attachment or download and launch the fake Microsoft update on their devices.

Kaseya phishing

REvil ransomware attack that hit the Kaseya MSP software provider and approximately 60 out of 35,000 of their direct customers and 1,500 out of 1,000,000 downstream businesses makes for a perfect lure theme.

Kaseya says that it failed to deploy a fix for the VSA zero-day exploited by REvil, many of its customers might fall for this pishing campaign’s tricks in their effort to protect their networks from attacks.

Tags:

Leave a Reply

You may have missed

DotRunpeX – Malware Injector Spreads in Wild

DotRunpeX – Malware Injector Spreads in Wild

March 21, 2023
Killnet Targets Healthcare Azure Resources

Killnet Targets Healthcare Azure Resources

March 21, 2023
NBA suffers a Data Breach – Third Party Provider Data Stolen

NBA suffers a Data Breach – Third Party Provider Data Stolen

March 21, 2023
Ferrari – Cyber Attack Ransom Demanded

Ferrari – Cyber Attack Ransom Demanded

March 21, 2023
ForgeRock new Passwordless Service

ForgeRock new Passwordless Service

March 20, 2023
New Decryptor for Conti Ransomware Released

New Decryptor for Conti Ransomware Released

March 20, 2023
%d bloggers like this: