
Alleged Kaseya ransomware attacker arrives in Texas for trial
2022-03-11 19:59

Instead, it's remembered as the weekend of the infamous Kaseya ransomware attack.

In other words, the crooks used Kaseya's infrastructure to disseminate and detonate ransomware infections on Kaseya's customers' computers, combining two security weaknesses to spread their malware much more widely than if they had attacked Kaseya alone.

The first security hole was CVE-2021-30116, a previously unknown bug that allowed an attacker without a password to access Kaseya's system administration tools and inject unauthorised programs into the next update bundle pushed out to clients.

The second security hole was that the criminals installed their malicious "update" into a special directory on those clients, one that Kaseya itself had designated as exempt from local malware scanning.

In the alleged attack against Kaseya, Vasinskyi caused the deployment of malicious Sodinokibi/REvil code throughout [sic] a Kaseya product that caused the Kaseya production functionality to deploy REvil ransomware to "Endpoints" on Kaseya customer networks.

After the remote access to Kaseya endpoints was established, the ransomware was executed on those computers, which resulted in the encryption of data on computers of organizations around the world that used Kaseya software.

News URL

https://nakedsecurity.sophos.com/2022/03/11/alleged-kaseya-ransomware-attacker-arrives-in-texas-for-trial/

Related Vulnerability

Date: 2021-07-09
CVE: CVE-2021-30116
Title: Insufficiently Protected Credentials vulnerability in Kaseya VSA Agent and VSA Server
Description: Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.
Attack vector: network
Attack complexity: low
Vendor: kaseya
Weakness: CWE-522 (Insufficiently Protected Credentials)
Risk: critical, score 9.8

Related vendor

Vendor: Kaseya
Last 12 months / number of products: 6 (only one of these two values is present on the page)
Low: 0
Medium: 5
High: 14
Critical: 13
Total vulnerabilities: 32