Hackers managed to breach through via the Remote DesktopĪccording to findings by Kyle Hanslovan, a CEO of security firm Huntress Lab, the hackers managed to breach MSPs servers with the help of Remote Desktop connection and then elevated their privileges to those of administrator's, which let them uninstall security applications, such as Webroot or ESET.Īfter disabling anti-malware software, threat actors remotely connected to MSPs clients' machines that ran Webroot SecureAnywhere console. Nevertheless, in Sodinokibi ransomware case, the source of the incident was compromised credentials rather than the vulnerability. Īmong other affected tools, reports claim that Kaseya VSA was also affected by the compromise and was used to deliver Sodinokibi ransomware.Īfter the compromise, attackers managed to deploy “1488.bat” script, which is very similar to the one used in GandCrab ransomware attacks, which also disabled the management console. The news came to light when Reddit user posted the revelation on the MSP message board.
Threat actors behind Sodinokibi ransomware managed to hack into at least three managed service providers (MSPs) and used remote management tools to distribute the malicious malware payload via the Webroot SecureAnywhere console.
Sodinokibi ransomware spread via Webroot SecureAnywhere console after hackers accessed its remote management tools Malicious actors behind Sodinokibi ransomware hacked MSPs to spread the malicious payload via the Webroot SecureAnywhere console
0 kommentar(er)
