Czech antivirus vendor Avast on Monday warned that hackers were able to access its internal network using a temporary VPN account.

Avast said that it believes that the intrusion, first detected on Sept. 25, was likely targeting its CCleaner business in a supply chain attack. CCleaner, which is software that fights infections in PCs, was previously infiltrated by attackers in 2017 and led to the compromise of 2.27 million people’s systems.

“From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected,” said Jaya Baloo, chief information security officer with Avast in a post on Monday. “We do not know if this was the same actor as before and it is likely we will never know for sure, so we have named this attempt ‘Abiss’.”

Avast was first alerted to the intrusion via an alert from Microsoft Advanced Threats Analytics (a Microsoft service that monitors for potential suspicious activity) on Sept. However, after observing previous Microsoft Advanced Threats Analytics alerts, Avast found the attackers had attempted to access its network at least seven times in 2019, with attempts first starting May 2019.

The intruder was able to connect to a temporary VPN account, from a public IP address in the U.K., using a compromised username and password. Avast said the temporary VPN account had “erroneously been kept enabled,” and did not require two-factor authentication – making it easier for hackers to compromise.

The user of the temporary VPN did not have domain admin privileges. However, through a successful privilege escalation attack, the actor managed to obtain domain admin privileges, said Avast (Avast did not provide further details about the privilege escalation attack).

Avast did not detail any further implications of the breach other than to say that the Sept. 25 Microsoft Advanced Threats Analytics alert warned of “a malicious replication of directory services from an internal IP.” The company also said that the temporary profile had been used by multiple sets of user credentials – leading Avast to believe that its users were subject to credential theft.

“In order to track the actor, we left open the temporary VPN profile, continuing to monitor and investigate all access going through the profile until we were ready to conduct remediation actions,” said Avast.

CCleaner Target

CCleaner, which was previously targeted in a 2017 attack, is believed to be the intended target of this latest attack, said Avast.

Avast acquired Piriform, which owns the PC cleaning tool CCleaner (formerly Crap Cleaner), in July 2017, months before a malware attack on CCleaner was discovered. In 2018, Avast said that further investigations into the 2017 attack showed the threat actors were planning to install a third round of ShadowPad malware on compromised computers.

Avast said it does not know if this more recent attack was the same actor as before. During this more recent attack, however, Avast said it was able to bolster remediation efforts to limit damage.