supplierlooki.blogg.se

Ccleaner malware attack

Given that CCleaner is a consumer-oriented product, this was a typical watering hole attack where the vast majority of users were of no interest to the attacker, but a select few were. According to Cisco, the hackers appear to have been successful in installing the malware on more than 700,000 machines, "and more than 20 machines have received the second-stage payload." That's only for a four-day period between September 12 and September 16, so it's possible that other companies were targeted. That attack betrayed basic consumer trust in CCleaner-developer Avast, and software firms more broadly, by lacing a legitimate program with malware, one distributed by a security company, no less.

CCLEANER MALWARE ATTACK CODE

According to Cisco Talos, the code seen in the malware present in CCleaner is the same as that used by the sophisticated hacking group called Group 72 or Axiom. The ASUS attack brings to mind the massive CCleaner supply chain attack uncovered by Morphisec in 2017. Avast writes: At the time the server was taken down, the attack was targeting select large technology and telecommunication companies in Japan, Taiwan, UK, Germany and the US. It is still unknown which group is behind this attack, although there are many predictions from various parts of the industry. The CCleaner malware fiasco has reached a new height: according to new evidence, the attack may have infected the internal networks of technology giants like Google, Microsoft, and Sony. The malware included a hardcoded list of MAC addresses; about 600 unique addresses were found in the samples analyzed by Kaspersky, and only those on the list would connect to the C2 server for the follow-on payloads. Targeted companies include Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco, among others, as part of a two-stage attack. First reported by Wired (via The Verge), researchers at Cisco and Avast discovered that the malware was specifically going after a list of internal domains at the time its "command-and-control" server was seized. Unrelated to the CCleaner attack, Avast also found ShadowPad samples active in South Korea and Russia, logging a financial transaction. Today, I shared new findings from Avast's continued investigations of the CCleaner APT (Advanced Persistent Threat) at RSA. Details for the CCleaner Backdoor malware family including references.












