Are Belgian government agencies and companies in danger?

Kaseya VSA software is used worldwide, including in Belgium. The CCB does not know all of its Belgian clients and to date has not received a report of a Belgian victim. However, it is still important to monitor this threat and to seek out and help potential victims.

What has the Center for Cybersecurity Belgium (CCB) done?

The CCB has taken this threat seriously from the start. On July 3, CERT.be, the CCB's operational department, sent a warning and advice to Kaseya VSA users.

• A supply chain attack is an attack against an external partner, such as a vendor or supplier, who has access to your network.
• Kaseya, a computer software provider, was the victim of a supply chain attack. The hackers managed to compromise Kaseya VSA, a software that allows remote management of systems, to attack users of this software.
• Kaseya customers using the VSA product could be targeted by a variant of the REvil ransomware.
• CERT.be, the operational department of the Cybersecurity Center Belgium (CCB), warned Kaseya VSA users on July 3 to temporarily disable the product until more information is available.
• There are currently no known Belgian victims. The CCB is monitoring the situation.
  • Follow Kaseya's advice and disable all instances of the Kaseya VSA server, at least until more information is available.
  • Organizations that provide Kaseya VSA should inform their customers of this threat and take appropriate action.
  • Kaseya VSA users need to strengthen their monitoring and suspicious activity detection capabilities in order to respond quickly to an intrusion.

https://cert.be/en/alert/warning-imminent-threat-ransomware-operators-are-exploiting-kaseya-supply-chain-attack