This is what to expect when a managed service provider gets popped
2022-07-30 00:30

A Russian-language miscreant claims to have hacked their way into a managed service provider, and has asked for help monetizing what's said to be access to the networks and computers of that MSP's 50-plus US customers.

These kinds of service providers typically remotely manage their many clients' IT infrastructure and software, and so infiltrating one MSP can unlock a route into a great number of organizations.

In a forum post, someone bragged that they had access to 50-plus American companies via an MSP's control panel.

The miscreant said they were looking for a partner in crime to help them turn a profit from this unauthorized access - presumably by extorting the MSP's customers after stealing and encrypting their data - and that the poster's share of the ill-gotten gains would be significant, seeing as they did all the initial work.

Also, the fact that they need help extorting an MSP's clients suggests someone new to this game.

Second, the underground forum ads suggest that "MSPs remain an attractive supply chain target for attackers, particularly initial access brokers," Carvey wrote, pointing to a May security alert from Five Eyes' cybersecurity authorities.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/30/msp_access_russia/