vastfunds.blogg.se

Ccleaner malware hack







Don't just rely on uninstalling CCleaner

Earlier in the week, some security experts had advised victims not just to replace CCleaner with its clean version, but also to restore the system to an earlier state. The AV firm is currently reaching out to the companies it knows have been impacted, "and providing them with additional technical information to assist them". It doesn't mean that 10 out of the reported 20 tech companies were infected, as some were infected twice, while others never were. Researchers have said that 50% of the attackers' attempts at installing the second payload, which delivered data collection and keylogging malware, were successful. The security team further adds that following their attack, criminals went through their database of infected machines to specifically find PCs connected to the tech companies' networks. "A fairly sophisticated attacker designed a system which appears to specifically target technology companies by using a supply chain attack to compromise a vast number of victims, persistently, in hopes to land some payloads on computers at very specific target networks." - Cisco Talos


Most notoriously, APT 17 is the group behind Operation Aurora, an extremely high-profile attack in 2009 targeting over 30 tech companies, including Google. As previously noted in several similar hacks, researchers can only look at the overlap with code previously used by the group and often cannot prove the attribution.


The Chinese state-sponsored group, known as APT 16 aka Group 72 aka Axiom aka Aurora, according to security researchers, has a history of software supply chain compromises. Along with Kaspersky and others, FireEye has also connected the attack with APT found infrastructure overlap with nation state threat actor & identified shared code w/APT17 malware. Some of these included Google, Microsoft, Samsung, Sony, Intel, HTC, Linksys, D-Link, Cisco itself, and others. But, who are these select targets? Tech titans!

According to Cisco's Talos security division and Avast itself, the malware had specific targets that included 20 tech giants (based on logs from only 3 days; actual number expected in hundreds). "This was a typical watering hole attack where the vast majority of users were uninteresting for the attacker, but select ones were," Avast researchers wrote. The researchers shared that when the server was seized, the attackers were targeting a string of internal domains with a second-stage payload that was designed to collect data. New posts from Avast and Cisco's Talos research group have revealed the findings. The malware injected into #CCleaner has shared code with several tools used by one of the APT groups from the #Axiom APT 'umbrella'.


The group had once reportedly broken into Google's corporate infrastructure. Security researchers from at least four different firms have now reported establishing links between the malicious code added to CCleaner and malware that was previously used by a sophisticated group of Chinese hackers. They were particularly curious about this attack because the malicious code was injected into CCleaner before it was compiled and then distributed, suggesting that the hackers were able to gain access to the development infrastructure of the antivirus firm. Since the revelation earlier this week, researchers have been going through the data to see what was happening behind the scenes. The recent attack that affected millions installing the infected version of the popular system optimization tool could have been the work of an elite cyberespionage group. But who was behind this carefully plotted takeover of CCleaner? A state-sponsored hacking group.


Of the one billion users of this popular PC utility, researchers had estimated that over 2.2 million were infected by this modified version of the software between Aug and September 15, 2017. The "legitimate signed version" contained a multi-stage malware payload that rode on top of the installation of CCleaner. Earlier this week, we reported a malware attack that was using CCleaner and was being distributed by Avast's own servers.







