Convicted REvil Affiliate Accuses Russia of Planning 2021 Kaseya Attack
Summary
A convicted REvil affiliate, Yaroslav Vasinskyi, has accused the Russian government of orchestrating the July 2021 Kaseya supply chain attack. Vasinskyi, serving a 13-year sentence for his role in numerous ransomware attacks, claimed that the Russian government chose the target and executed the attack to disrupt critical infrastructure. The revelation was made during a DEF CON 33 session by Jon DiMaggio and John Fokker, who discussed REvil's operations and the Kaseya attack. The Kaseya attack exploited a vulnerability in the company's remote monitoring software, VSA, compromising over 1,000 companies. The attack was one of REvil's most notorious, following a pattern of large-scale ransomware operations targeting high-value entities.
Timeline
- 11.08.2025 21:50 (1 article)
Convicted REvil Affiliate Accuses Russia of Planning 2021 Kaseya Attack
During a DEF CON 33 session, convicted REvil affiliate Yaroslav Vasinskyi accused the Russian government of orchestrating the 2021 Kaseya supply chain attack. Vasinskyi, serving a 13-year sentence, claimed that the Russian government chose the target and executed the attack to disrupt critical infrastructure. The revelation adds a geopolitical dimension to the incident, suggesting state-sponsored involvement in the cyber operation.
Source: REvil Actor Accuses Russia of Planning 2021 Kaseya Attack - www.darkreading.com - 11.08.2025 21:50
Information Snippets
- REvil targeted a vulnerability in Kaseya's VSA software in a supply chain attack that compromised over 1,000 companies.
  First reported: 11.08.2025 21:50 (1 source, 1 article)
  Source: REvil Actor Accuses Russia of Planning 2021 Kaseya Attack - www.darkreading.com - 11.08.2025 21:50
- Yaroslav Vasinskyi, a convicted REvil affiliate, is serving a 13-year sentence for his role in over 2,500 ransomware attacks.
  First reported: 11.08.2025 21:50 (1 source, 1 article)
  Source: REvil Actor Accuses Russia of Planning 2021 Kaseya Attack - www.darkreading.com - 11.08.2025 21:50
- Vasinskyi claimed the Russian government orchestrated the Kaseya attack to disrupt critical infrastructure, not for financial gain.
  First reported: 11.08.2025 21:50 (1 source, 1 article)
  Source: REvil Actor Accuses Russia of Planning 2021 Kaseya Attack - www.darkreading.com - 11.08.2025 21:50
- REvil operated as a ransomware-as-a-service (RaaS) group, with a structured model supporting up to 40 affiliates at a time.
  First reported: 11.08.2025 21:50 (1 source, 1 article)
  Source: REvil Actor Accuses Russia of Planning 2021 Kaseya Attack - www.darkreading.com - 11.08.2025 21:50
- REvil's operations included a dedicated communication platform, a leak site for stolen data, and strict affiliate selection.
  First reported: 11.08.2025 21:50 (1 source, 1 article)
  Source: REvil Actor Accuses Russia of Planning 2021 Kaseya Attack - www.darkreading.com - 11.08.2025 21:50
- The Russian government has not officially acknowledged involvement in the Kaseya attack.
  First reported: 11.08.2025 21:50 (1 source, 1 article)
  Source: REvil Actor Accuses Russia of Planning 2021 Kaseya Attack - www.darkreading.com - 11.08.2025 21:50
- Vasinskyi alleged that he staged the attack but did not execute the ransomware payload, claiming Russian government involvement.
  First reported: 11.08.2025 21:50 (1 source, 1 article)
  Source: REvil Actor Accuses Russia of Planning 2021 Kaseya Attack - www.darkreading.com - 11.08.2025 21:50
Similar Happenings
Iranian Cyber Threat Actors Targeting U.S. Critical Infrastructure
Iranian state-sponsored or affiliated cyber threat actors, specifically the group tracked as Storm-2460 and Homeland Justice, are actively targeting U.S. critical infrastructure and diplomatic entities globally. These actors exploit known vulnerabilities in unpatched software, compromise accounts with weak passwords, and collaborate with ransomware affiliates to encrypt, steal, and leak sensitive information. The PipeMagic malware, used to deploy RansomExx ransomware, has been observed targeting various sectors, including IT, financial, and real estate in multiple regions. The PipeMagic malware is now part of the Play ransomware attack chain and mimics ChatGPT Desktop to disguise itself. While no coordinated campaign has been detected, vigilance is urged. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Department of Defense Cyber Crime Center (DC3), and National Security Agency (NSA) are actively monitoring and coordinating with partners to share intelligence and provide resources. Organizations are advised to report any suspicious activity.