![]() ![]() “These new findings raise our level of concern about these events, as elements of our research point towards a possible unknown, sophisticated actor,” the company said. “These findings also support and reinforce our previous recommendation that those impacted by this supply chain attack should not simply remove the affected version of CCleaner or update to the latest version, but should restore from backups or reimage systems to ensure that they completely remove not only the backdoored version of CCleaner but also any other malware that may be resident on the system. That’s what Talos has recommended all along. In case you think you were affected by the hack either at home or at work, you should update CCleaner to the latest version available, and consider other steps to remove any potential malware that may still reside on your drives. Talos says that it only discovered 20 machines that received the specialized secondary attack. It doesn’t appear to be ransomware at this point, hopefully, some more details will emerge, but it’s most likely a more insidious attack like NotPetya.The CCleaner backdoor hack affected almost 2.3 million users, but it’s unclear how many of them received the second payload. It seems the malicious version in this CCleaner hacking seems to have dug in pretty deep, even more so if it was installed inside one of the ‘target’ networks as the second piece of more intrusive malware was pushed in.Īvast is recommended computers be restored from backups taken before to the compromise happened. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they’d compromised within the company’s network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.Īnd as a user, it means you should be careful. ![]() On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. ![]() On Wednesday, researchers at Cisco’s Talos security division revealed that they’ve now analyzed the hackers’ “command-and-control” server to which those malicious versions of CCleaner connected. Cisco Talos suspects that the attacker compromised a portion of (CCleaner’s) development or build environment and leveraged that access to insert malware into the CCleaner build that was released. It wound up installed on more than 700,000 computers. Some of the configuration files are also set in China’s time zone, which whilst it does indicate it probably is from China – it doesn’t link it for certain to the government.Įarlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company’s security checks. There is some code reuse from the Group 72 also known as Axiom who are linked to the Chinese Government. This CCleaner Hack is a fairly advanced attack with some people making links to the Chinese government, an attack of this scale and focus does feel like a nation-state attack. “Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm,” says an Avast spokesperson. 2.27 million users have been affected by the attack, and Avast Piriform believes it was able to prevent the breach harming customers. Dubbed “crap cleaner,” it’s designed to wipe out cookies and offer some web privacy protections. “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” says the Talos team.ĬCleaner has been downloaded more than 2 billion times according to Avast, making it a popular target for hackers. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner. Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. This could be classified as slightly ironic too as CCleaner is extremely popular software for removing crapware from computers, it was a clever assumption that a corrupt version would find itself installed in some very high-value networks. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |