💰🔗🐛
Kaseya Security Incident
July 2, 2021
1543 days ago
Resolved
Incident Overview
Situation Description
Kaseya experienced a supply chain attack by REvil ransomware actors exploiting a zero-day vulnerability in their VSA software, impacting at least 60 customers and 1,500 downstream businesses.
Event Types
Ransomware
Supply Chain Compromise
Software Vulnerability Exploitation
Industry Sector
TechnologyGeographic Scope
nanResponse Actions
Took Systems or Services Offline
Shared Threat Intelligence
Impact Analysis
Event Types (3 identified)
Ransomware
Supply Chain Compromise
Software Vulnerability Exploitation
Financial Impact
$0 USDRecords Affected
0Data Types Compromised
Operational / System Data
Primary Impacts
Operational Disruption
Key Decisions Made
Kaseya recommended shutting down all VSA and SaaS Servers immediately.; Kaseya released the VSA Detection Tool to help determine if VSA servers or managed endpoints were compromised.; Kaseya released additional details confirming the use of a zero-day vulnerability and providing IOCs and victimology information.
Technical Analysis
Attack Method
Unpatched Vulnerability
Threat Actor Attribution
REvil
Vulnerability / Tool
CVE-2021-30116
Additional Information
Quick Facts
- Company:
- Kaseya
- Date:
- July 2, 2021
- Status:
- Resolved
- Decision Maker:
- Kaseya
- Position:
- nan
- Published:
- 6/07/2021
Source Information
Original Query
"Kaseya" VSA ransomware attack "supply chain" responseTimeline
Information Published
6/07/2021
Incident Occurred
July 2, 2021 (1543 days ago)
Status: Resolved
Estimated resolution based on age