Update Articles “case-kaseya”

DIVD-NL · Dec 13, 2024 · adf94cf · adf94cf
1 parent dd1d5b1
commit adf94cf
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/content/newsroom/articles/case-kaseya.en.md b/content/newsroom/articles/case-kaseya.en.md
@@ -72,9 +72,12 @@ Throughout the entire process, Kaseya responded promptly and cooperatively. Afte
 
 On July 2nd 2021 – at the start of the 4th of July weekend – ransomware gang [Revil](https://en.wikipedia.org/wiki/REvil) attacked many Kaseya VSA instances. This attack exploited the vulnerabilities, leaking credentials, and gaining authenticated access to a part of the Kaseya customer portal. Kaseya immediately contacted Wietse and Victor to help out and scan and warn all potential victims. Lennaert Oudshoorn, Joost Hendrickx, and Frank Breedijk soon joined in scanning all IP addresses for the presence of Kaseya VSA repeatedly and sending messages to the MSPs to turn off Kaseya VSA immediately. We also shared this list with Kaseya, who did their share in notifying their customers. Because our [fingerprint](https://www.divd.nl/warningemail/) contained a customer ID, Kaseya was able to link the instances to the customer and provided them with concrete information: turn off the Kaseya VSA instance on this IP address. In the first 48 hours, the instances that were reachable from the internet dropped from 2.000+ to 140. By working closely with trusted partners and national CERTs, the number of servers in The Netherlands dropped to zero that Sunday afternoon, the 4th of July. The [CSIRT case](https://csirt.divd.nl/cases/DIVD-2021-00002/) was closed on the 9th of July 2021.
 
+Want to read more about this case? Read on in [DIVD-2021-00002 - Kaseya VSA, behind the scenes](https://www.divd.nl/newsroom/articles/case-kaseya-vsa-behind-the-scenes/).
+
 ## More information
 
 - [DIVD-2021-00002 - Kaseya VSA](https://csirt.divd.nl/cases/DIVD-2021-00002/)
+- [DIVD-2021-00002 - Kaseya VSA, behind the scenes](https://www.divd.nl/newsroom/articles/case-kaseya-vsa-behind-the-scenes/)
 - [Kaseya: Important Notice August 4th, 2021](https://csirt.divd.nl/cases/DIVD-2021-00002/)
 - [CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack](https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa)
 - [Nieuwsuur: Hackers eisen 70 miljoen](https://www.npostart.nl/nieuwsuur/05-07-2021/VPWON_1324266)