
Convicted REvil Affiliate Accuses Russian Government of Planning 2021 Kaseya Attack

📰 1 unique sources, 1 articles

Summary

A convicted REvil affiliate, Yaroslav Vasinskyi, has accused the Russian government of planning the 2021 Kaseya supply chain attack. Vasinskyi, who was sentenced to over 13 years in prison for his role in numerous ransomware attacks, claims that the Russian government orchestrated the attack to disrupt downstream systems and gain access to critical infrastructure. The Kaseya attack exploited a vulnerability in the company's remote monitoring software VSA, compromising over 1,000 companies. During a DEF CON 33 session, cybersecurity experts Jon DiMaggio and John Fokker discussed REvil's operations and the Kaseya attack. Vasinskyi, who was extradited to the US in early 2022, reportedly communicated with DiMaggio from prison, revealing details about the attack and the Russian government's involvement. The session highlighted REvil's sophisticated ransomware-as-a-service model and its operational tactics.

Timeline

  1. 11.08.2025 21:50 📰 1 articles

    Convicted REvil Affiliate Accuses Russian Government of Planning 2021 Kaseya Attack

    During a DEF CON 33 session, cybersecurity experts discussed the 2021 Kaseya attack and REvil's operations. Convicted REvil affiliate Yaroslav Vasinskyi accused the Russian government of planning the attack, revealing details about the government's alleged involvement and motives. The session highlighted REvil's sophisticated ransomware-as-a-service model and operational tactics. Vasinskyi's claims provide new insights into the geopolitical dimensions of cybercrime and raise questions about the ongoing pursuit of REvil's leadership.


Information Snippets

  • REvil targeted a vulnerability in Kaseya's remote monitoring software VSA in a supply chain attack that compromised over 1,000 companies.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article
  • The US Department of Justice (DOJ) unsealed documents against two alleged REvil operators, Yevgeniy Polyanin and Yaroslav Vasinskyi, in November 2021.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article
  • Vasinskyi was sentenced to over 13 years in prison and fined over $16 million for his role in over 2,500 ransomware attacks and for demanding over $700 million in ransom payments.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article
  • REvil operated under a ransomware-as-a-service (RaaS) model with five admins and up to 40 affiliates at any given time.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article
  • REvil was known for its big game attacks but also targeted individual consumers.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article
  • REvil had a dedicated communication platform, used a leak site to publish stolen data, and had stable malware and decryptors.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article
  • REvil's operations were dismantled in an international infrastructure takedown operation on October 21, 2021.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article
  • Vasinskyi claims that the Russian government picked the target and orchestrated the Kaseya attack, with Vasinskyi acting as the architect to create the relevant zero-day exploit.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article
  • Vasinskyi alleges that the Russian government's motive was to disrupt downstream systems and gain access to critical infrastructure.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article
  • Vasinskyi was arrested while crossing the border into Poland and reportedly faced threats from individuals with ties to Russian intelligence.

    First reported: 11.08.2025 21:50
    📰 1 source, 1 article