Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates
Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their networks, the messages used malicious attachments and embedded links posing as legitimate VSA security updates.
“As previously communicated, spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments.” reads an important notice published by the company.
“Spammers may also be making phone calls claiming to be a Kaseya Partner reaching out to help. Kaseya IS NOT having any partners reach out – DO NOT respond to any phone calls claiming to be a Kaseya Partner.”
The company also reported that threat actors are contacting its customers via phone calls posing as Kaseya partners in charge of helping them after the ransomware attack. Kaseya recommends customers do not click on any links or download any attachments in emails claiming to be a Kaseya advisory.
Recently, researchers from Malwarebytes uncovered a malspam campaign aimed at spreading a link pretending to be a Microsoft security update, along with an executable file that’s dropping Cobalt Strike beacons and establish a backdoor to carry out malicious activities.
The message urges recipients to install the update from microsoft to protect against ransomware as soon as possible. This is fixing a vulnerability in VSA solution.
A #malspam campaign is taking advantage of Kaseya VSA #ransomware attack to drop #CobaltStrike.
It contains an attachment named "SecurityUpdates.exe" as well as a link pretending to be security update from Microsoft to patch Kaseya vulnerability! pic.twitter.com/0nIAOX786i— Malwarebytes Threat Intelligence (@MBThreatIntel) July 6, 2021
The attackers’ end goal is to deploy Cobal Strike beacons on the recipients’ devices to backdoor them and steal sensitive info or deliver more malware payloads.
Customers have to remain vigilant, threat actors could use the recent incident as a lure and leverage social engineering techniques to trick the victims into installing malware or providing sensitive information.
“DO NOT click on any links or download any attachments in emails claiming to be a Kaseya advisory. However, some customers have subscribed to our support site and, at this point, those automated emails may contain links. As a precaution, be careful with any links or attachments in any emails.” concludes the notice.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, malspam)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates
Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their networks, the messages used malicious attachments and embedded links posing as legitimate VSA security updates.
“As previously communicated, spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments.” reads an important notice published by the company.
“Spammers may also be making phone calls claiming to be a Kaseya Partner reaching out to help. Kaseya IS NOT having any partners reach out – DO NOT respond to any phone calls claiming to be a Kaseya Partner.”
The company also reported that threat actors are contacting its customers via phone calls posing as Kaseya partners in charge of helping them after the ransomware attack. Kaseya recommends customers do not click on any links or download any attachments in emails claiming to be a Kaseya advisory.
Recently, researchers from Malwarebytes uncovered a malspam campaign aimed at spreading a link pretending to be a Microsoft security update, along with an executable file that’s dropping Cobalt Strike beacons and establish a backdoor to carry out malicious activities.
The message urges recipients to install the update from microsoft to protect against ransomware as soon as possible. This is fixing a vulnerability in VSA solution.
A #malspam campaign is taking advantage of Kaseya VSA #ransomware attack to drop #CobaltStrike.
It contains an attachment named "SecurityUpdates.exe" as well as a link pretending to be security update from Microsoft to patch Kaseya vulnerability! pic.twitter.com/0nIAOX786i— Malwarebytes Threat Intelligence (@MBThreatIntel) July 6, 2021
The attackers’ end goal is to deploy Cobal Strike beacons on the recipients’ devices to backdoor them and steal sensitive info or deliver more malware payloads.
Customers have to remain vigilant, threat actors could use the recent incident as a lure and leverage social engineering techniques to trick the victims into installing malware or providing sensitive information.
“DO NOT click on any links or download any attachments in emails claiming to be a Kaseya advisory. However, some customers have subscribed to our support site and, at this point, those automated emails may contain links. As a precaution, be careful with any links or attachments in any emails.” concludes the notice.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, malspam)