IT management software maker Kaseya said the recent ransomware attack affected as many as 1,500 firms; it, however, claimed that there was no sign of malicious modifications to product source code.
The company also urged customers to immediately shut down on-premises servers running its VSA endpoint management and network monitoring tool because of a cyberattack, which exploited a zero-day flaw in the product.
Kaseya has provided consistent updates about the incident. While it primarily said that less than 40 of its 36,000 customers were affected, the number rose to fewer than 60 a few days later.
The number of affected Kaseya customers is fairly small, but the company’s products are used by managed service providers (MSPs) and the cybercriminals managed to deliver the ransomware to the customers of those MSPs as well.
Cybersecurity firm Kaspersky, which has also overseen the attack, said its products spotted more than 5,000 attack attempts across 22 countries.
Kaseya said the incident only affected its VSA product, and only on-premises customers, but it has also closed down its SaaS servers as a preventive measure.
As for the zero-day flaw exploited in the attack, the threat actors seem to have leveraged a verification bypass vulnerability impacting the VSA web interface to upload a malicious payload. They were then able to perform arbitrary code on compromised systems.