Supply chain – Multiple Danish organisations (Kaseya VSA)

The Kaseya VSA attack affected Danish MSPs and their customers via a zero-day vulnerability in Kaseya VSA. REvil exploited the vulnerability to distribute ransomware to thousands of organisations globally, including Danish ones.

Danish domains identified in the REvil configuration file: i-trust.dk, danskretursystem.dk, systemate.dk, koko-nora.dk, hmsdanmark.dk, advokathuset.dk, kirkepartner.dk, expandet.dk, polymedia.dk, erstatningsadvokaterne.dk, hushavefritid.dk, team-montage.dk, oemands.dk, piajeppesen.dk

Not all organisations in the configuration file were necessarily compromised — some may appear due to prior attacks.

• BleepingComputer — REvil hits 200 companies in MSP supply chain attack
• The Record — REvil supply chain attack via malicious Kaseya update
• DoublePulsar — Kaseya supply chain attack
• JoeSandbox — Analysis
• Reddit — Critical ransomware incident in progress