Case study

Third party serves as staging point for cryptojacking attack using PowerShell

eSentire observed an unknown threat actor attempting to deploy Monero cryptocurrency mining malware to multiple eSentire customers. This increasingly common type of attack, known as “cryptojacking”, allows a hacker to leverage the computing power of devices on a personal or corporate network to mine cryptocurrencies, unbeknownst to the victim. Ultimately, this category of attack can lead to poor device performance or potential failure, resulting in financial and regulatory repercussions.

Following an investigation by eSentire’s Security Operations Center (SOC) analysts, it was determined that the threat actor was leveraging a previously unknown vulnerability (zero-day exploit) in Kaseya’s Virtual Systems Administrator (VSA) agent as a vector to gain access to the clients’ networks.

Read this case study for more details and to see how eSentire remediated the attack.
