Posted on Leave a comment

Customers of Kaseya Targeted by a Spamming Campaign Mimicking as a Security Updates.

Last week we had seen how one of the well-known MSP faced the Cyber attack and the frequent updates on their incident investigation(link, link).

Kaseya has came up with the latest warning of malspam campaign targeting Kaseya customers by posing as a legitimate VSA Security updates. Also, advised the customers not to click on any unknown emails which may contain malicious links / attachments or any phone calls claiming to be Kaseya partners.

As per the recent Tweet by Malware threat intelligence team, they had observed the malspam campaign with the malicious attachment named “SecurityUpdates.exe” which pretends to be a security update for Kaseya Vulnerability released by Microsoft but on disguise it was a cobalt strike payload.

Malware bytes team has also released the IOC’s on this Cobalt Strike payload:

Cobalt Strike Payload: 5de6ec9265f79a31a9845c8a504d28f0

Download URL: http://45.153.241.113/download/pload.exe

Cobalt Strike C2: 31.42.177[.]52

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1

Leave a Reply