WASHINGTON, D.C. – Following an incident at US IT firm Kaseya in Miami, cybersecurity firm Huntress Labs reported on Friday that 200 American organizations have been targeted by ransomware attacks. Kaseya claimed it is looking into a “possible attack” on a commonly used tool for accessing corporate networks across the United States, according to a statement on its own website.
Kaseya said its VSA product, which is used by IT professionals to monitor and manage servers, desktops, network devices, and printers, may have been attacked in a statement https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021.
It said it has responded by shutting down some of its infrastructure and advising clients who used VSA on their premises to turn down their servers right once.
“This is a gigantic and destructive supply chain assault,” Huntress senior security researcher John Hammond wrote in an email, referring to a hacker approach that involves hijacking one piece of software to corrupt hundreds or thousands of people at once.
Kaseya has the potential to extend to any size or scale firm, according to Hammond, because it is connected to everything from major organizations to tiny businesses.
A spokesperson from Kaseya could not be reached for comment by Reuters right away. The REvil ransomware gang, which the FBI blamed for paralyzing meat packer JBS last month https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-jbs-cyberattack, is likely to be behind the newest ransomware outbreak, according to Huntress. The hackers did not immediately respond to an email requesting comment. The US Cybersecurity and Infrastructure Security Agency issued a statement saying it was “taking measures to understand and solve the recent supply-chain ransomware assault” on Kaseya’s VSA product. After hackers allegedly working for the Russian government tampered with a network monitoring tool produced by Texas software firm SolarWinds, supply chain threats have risen to the top of the cybersecurity agenda. Kaseya has 40,000 customers, albeit not all of them utilize the impacted tool. (Raphael Satter contributed reporting; Joseph Menn contributed further reporting in San Francisco; Leslie Adler and Alistair Bell edited)/n
