Kaseya warns customers of ongoing malspam campaign posing as security updates

Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates

Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their networks, the messages used malicious attachments and embedded links posing as legitimate VSA security updates.

“As previously communicated, spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments.” reads an important notice published by the company.
“Spammers may also be making phone calls claiming to be a Kaseya Partner reaching out to help. Kaseya IS NOT having any partners reach out – DO NOT respond to any phone calls claiming to be a Kaseya Partner.”

The company also reported that threat actors are contacting its customers via phone calls posing as Kaseya partners in charge of helping them after the ransomware attack. Kaseya recommends customers do not click on any links or download any attachments in emails claiming to be a Kaseya advisory.

Recently, researchers from Malwarebytes uncovered a malspam campaign aimed at spreading a link pretending to be a Microsoft security update, along with an executable file that’s dropping Cobalt Strike beacons and establish a backdoor to carry out malicious activities.

The message urges recipients to install the update from microsoft to protect against ransomware as soon as possible. This is fixing a vulnerability in VSA solution.

The attackers’ end goal is to deploy Cobal Strike beacons on the recipients’ devices to backdoor them and steal sensitive info or deliver more malware payloads.

Customers have to remain vigilant, threat actors could use the recent incident as a lure and leverage social engineering techniques to trick the victims into installing malware or providing sensitive information.

“DO NOT click on any links or download any attachments in emails claiming to be a Kaseya advisory. However, some customers have subscribed to our support site and, at this point, those automated emails may contain links. As a precaution, be careful with any links or attachments in any emails.” concludes the notice.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, malspam)

[adrotate banner=”5″]

[adrotate banner=”13″]