IT service provider Kaseya used to launch hacker attack

05.07.2021 - Hackers are currently exploiting a vulnerability at the US IT service provider Kaseya. The firm's customers, which include hundreds of companies worldwide, are now in the attackers' sights. They are encrypting company data and demanding a ransom. As yet, the NCSC has not received any reports of Swiss companies being affected.

Icon: Melden Sie Sicherheitslücken beim Covid-Zertifikat

It emerged at the weekend that the attack on the US IT service provider Kaseya had made hundreds of companies the target of attackers. The hacker group REvil is suspected of being behind the attack. It is thought that the group hacked Kaseya's VSA desktop management tool and uploaded a malicious update which allows the US IT service provider's customers to be infected. The effects of the attack have been felt as far afield as Europe.

So far, no reports of Swiss firms being affected have reached the NCSC.

The NCSC performs constant monitoring and is in contact with Kaseya.

Preventive measures against ransomware attacks are published by the NCSC at:

In the event of an incident, the NCSC recommends the following course of action:

Last modification 05.07.2021

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/kaseya.html