Kaseya VSA mass ransomware (REvil) (KASEYA-2021)
Supply-chain compromise · disclosed 2021-07-02 · region: US · primary attribution: MISP-24bd9a4b
Sectors touched: Software Publishers
REvil exploited a zero-day in Kaseya VSA RMM software to push ransomware to ~1,500 downstream MSP customers — among them Coop (Sweden) which closed ~800 grocery stores for days. The July 4 timing maximised disruption.
Supply-chain flow
Trojanised Kaseya reached ~1,500 MSP customers downstream.
Named victims
- Kaseya
CVEs linked to this incident
Linked sources
This canonical entry pulls together coverage from the other data layers — curated narrative above; raw sources below.
- CISA/FBI/NCSC advisories: