Kaseya Service Chain Attack
REvil strikes again
In July 2021, Kaseya’s software tool VSA was compromised by ransomware group REvil. By bypassing authentication that’s needed to execute code, the group leveraged the VSA capability to deploy ransomware affecting service providers and about 1,500 organizations. This episode of the Juniper Threat Labs podcast explores the details.
How the Kaseya attack was deployed
How service providers were targeted and compromised
Why the attack wasn’t initially detected