Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by pushing Cobalt Strike payloads disguised as security updates. The Cisco Talos Incident Response team said in a September quarterly report that 66 percent of all ransomware attacks this quarter involved the red-teaming framework Cobalt Strike. Malwarebytes Threat Intelligence researchers spotted the attacks, which use two different tactics to deploy the Cobalt Strike payloads. Last month, threat actors also used fake system updates claiming to help detect and block ransomware infections following the Colonial Pipeline attack.
Source: https://www.bleepingcomputer.com/news/security/fake-kaseya-vsa-security-update-backdoors-networks-with-cobalt-strike/

