Huntress has discovered fresh evidence that MSPs remain an attractive supply chain target for hackers.

Huntress researchers discovered an ad posted on July 18 on an exploit[.]in forum from a user with the name “Beeper” looking for a partner to help process stolen data from over 50 MSP customers, 100 VMware ESXi servers and more than 1,000 servers. The hacker boasted a “high profit share,” with only little left to do before exploiting the data.

Huntress’ discovery comes shortly after a May 11 warning for all Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom, and the United States) urging MSPs to prepare for malicious hackers and advanced persistent threat (APT) groups to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships.

Huntress’ Harlan Carvey

Harlan Carvey is Huntress‘ senior incident responder for research and development.

“The ad appeared in Russian,” he said. “When the Russian was translated into English, it was pretty clear that somebody had gained access to what they described as an MSP. And it appears that they had access to the customer management portal or something similar, and were able to identify up to 50 customers. Apparently there was extensive use of virtualized systems as well. And it appeared on the surface that this threat actor was looking for assistance. Specifically, what kind of assistance wasn’t clear. If they were looking to take advantage of it or to do some additional work. But it seemed that they were looking for some help and then directed folks to reach out through direct messaging.”

Scroll through our slideshow above for more from Huntress on the continuing threat to MSPs.