Kaseya VSA is popular software for managing remote networks, used by many security vendors and by companies that provide specific IT services to other companies. On July 3, Kaseya VSA servers released and distributed malware, which spread to dedicated servers and led to the compromise and encryption of thousands of nodes at hundreds of different companies. The attack was quickly linked to a notorious hacker group called “REvil”, itself linked to Russia. Recently, security researchers reported that all of REvil’s darknet sites, including the payment site, the group’s public site, chat services, and its business portal, are now down.
A threat voluntarily removed or disabled?
So far, experts have not been able to say exactly why the hacker group collapsed. For some, however, the group’s abrupt disappearance looked more like the result of a repressive countermeasure than a concerted and voluntary action on the part of the hackers. The fact is that recurring cyber attacks on US soil had seriously damaged the already tense relations between the United States and Russia since the last presidential election.
But in Europe, Biden and Putin had come together, and frank and productive discussions could take place. In fact, a few days ago, US President Joe Biden revealed that he spoke directly to Russian President Vladimir Putin following REvil’s massive attack on Kaseya, which affected nearly 1,500 organizations in the United States alone. “I said very clearly (…) that the United States expects them [editor’s note: the Russian authorities], when an operation of this type comes from their soil, even if it is not sponsored by the State, to act if we give them enough information to do it,” said President Biden, before adding: “We have launched a means of communication now on a regular basis to be able to communicate with each other when each of us thinks that something is happening in another country that affects the country of origin. (…) I am optimistic.”
According to observers, that optimism found its justification in the disappearance of “REvil”. According to Allan Liska, an expert at the CSIRT, a center for alerting on and responding to computer attacks, aimed at companies or administrations, it was pleasant to think that the group of hackers had been “gagged” by law enforcement. But confirmation from the Russian authorities was still needed. For other consultants, however, the group’s disappearance, even if it was a first victory, did not mean the end of its activities. REvil could, according to them, reappear under another name and this time split into much more discrete entities.