I think this is relevant for the news desk.
I don't really know where to post this, but a potentially major hack is taking place on Kaseya's MSP remote support/agent network. At the moment several SaaS servers have been taken offline, and the advice is to immediately take offline all on-prem servers that are publicly accessible.
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
If your company uses this, keep an eye on it.
The hack has the potential to have an impact as large as that of N-able/SolarWinds.
According to the Reddit link, the hack spreads ransomware to agents:
https://www.reddit.com/r/...ked_with_randomware_that/
SaaS servers that have been taken offline:
Kaseya Cloud Status
Title: Emergency Maintenance VSA Cloud
Planned Start: July 2, 2021 2:13PM EDT
Expected End: July 2, 2021 8:00PM EDT
Affected Infrastructure
Components: VSA
Locations: EU - SAAS01, UK - SAAS02, EU - SAAS03, EU - SAAS04, EU - SAAS05, EU - SAAS06, EU - SAAS07, EU - SAAS08, EU - SAAS09, EU - SAAS10, EU - SAAS11, EU - SAAS12, EU - SAAS14, EU - SAAS15, EU - SAAS16, EU - SAAS17, EU - SAAS18, EU - SAAS19, EU - SAAS20, EU - SAAS21, EU - SAAS22, EU - SAAS23, EU - SAAS24, EU - SAAS25, EU - SAAS26, EU - SAAS27, EU - SAAS28, EU - SAAS29, EU - SAAS30, EU - SAAS32, EU - SAAS33, EU - SAAS34, EU - SAAS35, EU - SAAS36, EU - SAAS37, EU - SAAS38, EU - SAAS39, EU - SAAS40, EU - SAAS41, EU - SAAS42, EU - SAAS43, EU - SAAS44, EU - SAAS45, EU - SAAS46, EU - SAAS47, EU - SAAS48, EU - SAAS49, EU - UKVSA109, EU - UKVSA110, EU - UKVSA111, EU - VSA114, US - NA1VSA01, US - NA1VSA02, US - NA1VSA03, US - NA1VSA04, US - NA1VSA05, US - NA1VSA06, US - NA1VSA07, US - NA1VSA08, US - NA1VSA09, US - NA1VSA10, US - NA1VSA11, US - NA1VSA12, US - NA1VSA13, US - NA1VSA14, US - NA1VSA16, US - NA1VSA17, US - NA1VSA18, US - NA1VSA19, US - NA1VSA20, US - NA1VSA21, US - NA1VSA22, US - NA1VSA23, US - NA1VSA24, US - NA1VSA25, US - NA1VSA26, US - NA1VSA27, US - NA1VSA28, US - NA1VSA29, US - NA1VSA30, US - NA1VSA31, US - NA1VSA32, US - NA1VSA33, US - NA1VSA34, US - NA1VSA35, US - NA1VSA36, US - NA1VSA37, US - NA1VSA38, US - NA1VSA39, US - NA1VSA40, US - IAD2VSA01, US - IAD2VSA02, US - IAD2VSA03, US - IAD2VSA04, US - IAD2VSA05, US - IAD2VSA06, US – IAD2VSA07, US – IAD2VSA08, US – IAD2VSA09, US - IAD2VSA10, US - IAD2VSA12, US - IAD2VSA33, US - NA1VSA105, US - NA1VSA106, US - NA1VSA107, US - NA1VSA108, US - NA1VSA112, US - NA1VSA113, US - NA1VSA115, US - NA1VSA116, US - NA1VSA117, US - VSA118, US - NA1VSATRIAL03, Andromeda01, Andromeda02 - US01, Andromeda02 - US02, Andromeda02 - EU01, Andromeda03, Andromeda04, Aquila, Cygnus01, Cygnus02, Cygnus03, Cygnus04, Cygnus05, Cygnus06, CygnusNW, Draco01, Gemini01, Hydra01, Leo06, Leo45, Lynx01, Pegasus01, Tatooine01, Tatooine02, Tatooine03, Ursa01, ELOQUIO, US - VSA119, EU - VSA120, US - VSA121, US - VSA122, US-VSA123, US-VSA124, 
US - VSA125, US - VSA126, US-VSA127, EU-VSA128, EU - EMEAVSATRIAL07, EU - EUVSA01, EU-VSA129, EU - EUVSA02, US - VSA130, US - VSA131, EU - EUVSA03, US - VSA132, US - VSA133, US - VSA134, US - VSA135, US - VSA136, PHILKAS01, EU - EUVSA04, EU - EUVSA05, EU - EUVSA06, EU - EUVSA10, EU - EUVSA15, EU - EUVSA07, EU - EUVSA08, EU - EUVSA16, EU - EUVSA17, EU - EUVSA13, EU - EUVSA14, EU - EUVSA21, EU - EUVSA09, EU - EUVSA11, EU - EUVSA12, US - IAD2TRIAL1001, EU - EUVSA20
Details:
All VSA SaaS servers will be put into maintenance mode.
Based on the forensic patterns, ransomware notes and the TOR URL, we strongly believe a REvil/Sodinokibi RaaS affiliate is behind these intrusions.
The Huntress customer support team has started pre-emptively calling all of our VSA partners to make them aware of the situation. We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted. We are aware of at least 8 impacted MSP partners at this time.
[ 83% edited by firest0rm on 03-07-2021 00:27 ]