TTPwire Vol. 1 · MITRE ATT&CK-tagged


Huntress

The Hunt to Find Origins of Kaseya's VSA Mass Ransomware | Huntress

2021-07-20

ATT&CK techniques detected

9 predictions (technique · classifier confidence · evidence passage from the article)

T1486 Data Encrypted for Impact · 99%
“The Hunt to Find Origins of Kaseya's VSA Mass Ransomware | Huntress. Kaseya has a customer base of roughly 35,000 businesses and organizations. These consist of approximately 17,000 managed service providers, 18,000 direct/VAR customers and a significant number of end users…”

T1486 Data Encrypted for Impact · 97%
“…been. When headlines and news articles fly claiming this is the “biggest ransomware attack so far,” the industry has to hone in on that key component: “so far.” We can be thankful that this attack was relatively limited, but we can't lose sight and not dig deeper to unders…”

T1486 Data Encrypted for Impact · 81%
“…servers back online; however, any order to shut down after 1230 ET would not have minimized the number of compromised MSPs. The attack chain. Huntress, in addition to other industry players, has observed that the ransomware incident used an attack chain consisting of (1) an aut…”

T1190 Exploit Public-Facing Application · 53%
“…servers back online; however, any order to shut down after 1230 ET would not have minimized the number of compromised MSPs. The attack chain. Huntress, in addition to other industry players, has observed that the ransomware incident used an attack chain consisting of (1) an aut…”

T1078.001 Default Accounts · 53%
“…information: - Credentials leak and business logic flaw: CVE-2021-30116 - SQL injection vulnerability: CVE-2021-30117. While strict SQL injection was not observed in the logs, just as with the other possibilities, it could have been done long before the actual exploitat…”

T1486 Data Encrypted for Impact · 47%
“…harder to do. So now what? We acknowledge this is purely discussion and speculation. Considering the gravity of this widespread ransomware attack, we have to ask “why was this constrained to only 50-60 affected MSPs, and why not more?” We hope that outlining these potential i…”

T1190 Exploit Public-Facing Application · 34%
“…information: - Credentials leak and business logic flaw: CVE-2021-30116 - SQL injection vulnerability: CVE-2021-30117. While strict SQL injection was not observed in the logs, just as with the other possibilities, it could have been done long before the actual exploitat…”

T1080 Taint Shared Content · 31%
“…servers back online; however, any order to shut down after 1230 ET would not have minimized the number of compromised MSPs. The attack chain. Huntress, in addition to other industry players, has observed that the ransomware incident used an attack chain consisting of (1) an aut…”

T1113 Screen Capture · 30%
“…harder to do. So now what? We acknowledge this is purely discussion and speculation. Considering the gravity of this widespread ransomware attack, we have to ask “why was this constrained to only 50-60 affected MSPs, and why not more?” We hope that outlining these potential i…”
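The listing above is raw per-passage classifier output: T1486 is reported four times (once per excerpt it fired on) and two of the nine hits sit on a passage the authors themselves label "discussion and speculation". Before this page can feed a technique inventory or an ATT&CK Navigator layer, the predictions need to be folded to one verdict per technique. The following is an added example (not code from TTPwire or from Huntress) that does that folding: it takes the nine predictions as transcribed from the listing, keeps the maximum confidence and the set of distinct supporting passages per technique, applies a confidence threshold, and emits a minimal Navigator layer. The passage labels, the 50% threshold and the layer's `name` are assumptions chosen for the example.

```python
"""Fold per-passage ATT&CK predictions into one verdict per technique.

Added example, not part of the TTPwire page or of the Huntress article.
PREDICTIONS is transcribed from the page's listing; the short passage
labels are constructed tags that identify which of the five distinct
excerpts each prediction was made on.
"""
import json

# (technique ID, technique name, confidence %, evidence-passage label)
PREDICTIONS = [
    ("T1486", "Data Encrypted for Impact", 99, "customer-base"),
    ("T1486", "Data Encrypted for Impact", 97, "so-far"),
    ("T1486", "Data Encrypted for Impact", 81, "attack-chain"),
    ("T1190", "Exploit Public-Facing Application", 53, "attack-chain"),
    ("T1078.001", "Default Accounts", 53, "cves"),
    ("T1486", "Data Encrypted for Impact", 47, "speculation"),
    ("T1190", "Exploit Public-Facing Application", 34, "cves"),
    ("T1080", "Taint Shared Content", 31, "attack-chain"),
    ("T1113", "Screen Capture", 30, "speculation"),
]


def fold(predictions):
    """Collapse repeated hits on the same technique.

    Returns {technique_id: {"name", "max", "passages"}} where "max" is the
    highest confidence seen and "passages" the set of distinct excerpts
    that produced a hit (evidence breadth, independent of confidence).
    """
    folded = {}
    for tid, name, conf, passage in predictions:
        entry = folded.setdefault(tid, {"name": name, "max": 0, "passages": set()})
        entry["max"] = max(entry["max"], conf)
        entry["passages"].add(passage)
    return folded


def accept(folded, threshold=50):
    """Technique IDs whose best hit meets the threshold, sorted by ID."""
    return sorted(tid for tid, e in folded.items() if e["max"] >= threshold)


def navigator_layer(folded, threshold=50, name="Kaseya VSA (Huntress, 2021-07-20)"):
    """Build a minimal ATT&CK Navigator layer dict (subset of the layer
    format: name, versions, domain, techniques). Below-threshold techniques
    are kept but disabled so the analyst can still see what the classifier
    considered; 'score' carries the max confidence for the colour gradient.
    """
    techniques = []
    for tid, e in sorted(folded.items()):
        techniques.append({
            "techniqueID": tid,
            "score": e["max"],
            "enabled": e["max"] >= threshold,
            "comment": "%s; max %d%% over %d passage(s)"
                       % (e["name"], e["max"], len(e["passages"])),
        })
    return {
        "name": name,
        "versions": {"layer": "4.5"},
        "domain": "enterprise-attack",
        "techniques": techniques,
    }


if __name__ == "__main__":
    folded = fold(PREDICTIONS)
    print("accepted:", accept(folded))
    print(json.dumps(navigator_layer(folded), indent=2))
```

With the 50% threshold this keeps T1486 (best hit 99%, four supporting passages), T1190 and T1078.001, and disables T1080 and T1113; the T1113 Screen Capture hit in particular rests only on the speculative passage at 30% and is the kind of weak hit a threshold should remove before the page is treated as evidence of a technique.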

Summary

Our Security Researchers discuss how hackers executed the Kaseya VSA supply chain attack—and why the blast radius of the incident was relatively limited.