Huntress: New Evidence MSPs Heavily Targeted by Hackers

The hacker boasted a high profit share, with only little left to do before exploiting the data.

Edward Gately, Senior News Editor

July 28, 2022

6 Slides
Another cloaked hacker

Already have an account?

Shutterstock

Huntress has discovered fresh evidence that MSPs remain an attractive supply chain target for hackers.

Huntress researchers discovered an ad posted on July 18 on an exploit[.]in forum from a user with the name “Beeper” looking for a partner to help process stolen data from over 50 MSP customers, 100 VMware ESXi servers and more than 1,000 servers. The hacker boasted a “high profit share,” with only little left to do before exploiting the data.

Huntress’ discovery comes shortly after a May 11 warning for all Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom, and the United States) urging MSPs to prepare for malicious hackers and advanced persistent threat (APT) groups to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships.

Carvey-Harlan_Huntress.jpg

Huntress’ Harlan Carvey

Harlan Carvey is Huntress‘ senior incident responder for research and development.

“The ad appeared in Russian,” he said. “When the Russian was translated into English, it was pretty clear that somebody had gained access to what they described as an MSP. And it appears that they had access to the customer management portal or something similar, and were able to identify up to 50 customers. Apparently there was extensive use of virtualized systems as well. And it appeared on the surface that this threat actor was looking for assistance. Specifically, what kind of assistance wasn’t clear. If they were looking to take advantage of it or to do some additional work. But it seemed that they were looking for some help and then directed folks to reach out through direct messaging.”

Scroll through our slideshow above for more from Huntress on the continuing threat to MSPs.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPsChannel Research

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like