The hackers behind a mass ransomware attack exploited multiple previously unknown vulnerabilities in IT management software made by Kaseya, the latest sign of the skill and aggressiveness of the Russia-linked group believed responsible for the incidents, cybersecurity researchers said Sunday.
Marcus Murray, founder of Stockholm-based TrueSec, said his firm’s investigations involving multiple victims in Sweden found that the hackers targeted them opportunistically. In those cases, the hackers used a previously unknown flaw in Miami-based Kaseya’s code to push ransomware to servers that used the software and were connected to the internet, he said.
The Dutch Institute for Vulnerability Disclosure said it had alerted Kaseya to multiple vulnerabilities in its software that were then used in the attacks, and that it was working with the company on fixes when the ransomware was deployed.
Kaseya "showed a genuine commitment to do the right thing", the Dutch organisation wrote. "Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch," it added, referring to the Russia-based hacking group. REvil was accused of being behind the May 30 ransomware attack on meatpacking giant JBS SA.
The findings differentiate the latest incident - which cybersecurity firm Huntress Labs said affected more than 1 000 businesses - from other recent assaults on the software supply chain.