eSentire Discloses New Threat Actor Leveraging Kaseya's Virtual Systems Administrator (VSA)

eSentire, disclosed to its customers a newly found threat actor it observed attempting to deploy a Monero cryptocurrency miner.

The threat leveraged Kaseya Ltd’s Virtual Systems Administrator (VSA) agent to gain unauthorized access to multiple customer assets since January 19, 2018. eSentire disclosed this issue to Kaseya, who is actively working to communicate and mitigate the issue.

eSentire CTO, Mark McArdle, says: "MeDoc’s compromise last year amplified third-party vendor risk. In this case, Kaseya provides infrastructure to many Managed Security Service Providers (MSPs) and enterprises. A vulnerability within this type of infrastructure provides attackers with a potentially massive platform to carry out their attacks. This most recent attack was a crypto-miner. It could just have easily been ransomware or a wiper.”

As soon as eSentire detected the threat, its SOC updated policies to ensure that any subsequent attacks were mitigated for its customers.

Also Read

Stay in the know with our newsletter