A malware spam campaign is milking the Kaseya ransomware attacks against its Virtual System/Server Administrator (VSA) platform to spread a link pretending to be a Microsoft security update, along with an executable file that s dropping Cobalt Strike, researchers warn. The attackers are looking to gain persistent remote access to the systems of targeted victims who fall for the ploy, or download and launch the fake Microsoft update, on their devices. The fake security update is hosted on the same IP address used for another campaign pushing the Dridex banking trojan, researchers say.
Source: https://threatpost.com/fake-kaseya-vsa-update-cobalt-strike/167587/