Malwarebytes found a malspam campaign banking on the ransomware attack that hit Kaseya VSA. The attack is a classic example of an opportunistic attack conducted by (potentially) another threat actor/group. The location where the payload is hosted is the same IP address used in another campaign pushing Dridex, a known information stealer. Ransomware actors are known to abuse legitimate software and make it part of their overall malicious attack against target organizations during their big game hunting (BGH) campaigns.”]
Source: https://blog.malwarebytes.com/social-engineering/2021/07/malspam-banks-on-kaseya-ransomware-attack/

