The Texas local governments attack seems to me to be more akin to the trend we have been seeing in 2019 with attackers targeting one MSP and then using that access and the MSP’s tools to attack / encrypt the MSP’s individual clients. If I’m not mistaken (and, I could be), the Texas DIR often acts as sort of a provider / MSP or/ MSSP to some local governments by providing outsourced services to those local governments.
Does anyone know if that was the case for these 22 entities or if that has some connection? I do know DIR is leading the response.
UPDATE: I just heard from a friend who has worked arm in arm with these folks and the answer is:
Hey Shawn. Answer to your DIR question is no. DIR does not provide services to local gov in this form but does coordinate response.
As we learn more, yep, it was an MSP — join the discussion here: