Kaseya cautioned its customers that an ongoing phishing campaign is attempting to hack their networks by sending emails with malicious attachments and embedded links that pose as VSA security updates.
While Kaseya gave no further details on the attacks, the warning is the latest in a series of malspam emails targeting Kaseya customers with Cobalt Strike payloads.
The ultimate goal of the attackers is to install Cobal Strike beacons on the recipient’s devices to backdoor them and steal sensitive information or deliver other malicious software payloads.
As soon as the targets run the malicious attachment or download the fake Microsoft update and run it on their devices, the attackers gain permanent remote access to the now compromised systems.
Since Kaseya has so far failed to find a solution to REvil’s VSA zero-day breach, some of its customers may fall for the tricks of this campaign.
The infamous REvil ransomware attack, which hit Kaseya and around 1,500 of its direct customers and downstream companies, makes for a perfect lure theme.
After the attack became public, CISA and the FBI issued steps to deal with the aftermath of the attack, and the White House National Security Council urged victims to follow the instructions issued by Kaseya and report incidents to the FBI.
Despite the enormous scope of the attack, however, several victims stated that their backups were not affected and they restored the systems instead of paying the ransom.
Victims who ultimately pay the ransoms of REvil are likely to do so only because their backups have failed, or because they had none at all.
For more information, read the original story in Bleeping Computer.