Avast says CCleaner was targeted by hackers… again

Avast breach 2019


"It is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their goal, and that the actor was progressing with exceptional caution in order to not be detected".

The attack was able to use compromised credentials through a temporary VPN profile that had been activated by mistake and didn't have two-factor authentication enabled.

Although the company first noticed the breach on September 23, evidence shows the hackers may have first breached Avast's network as far back as May 14.

The company says: "The evidence we gathered pointed to activity on MS ATA/VPN on October 1, when we re-reviewed an MS ATA alert of a malicious replication of directory services from an internal IP that belonged to our VPN address range, which had originally been dismissed as a false positive".

Additionally, the user whose credentials had been compromised did not have the permissions of a domain administrator, which indicates that the attacker was able to achieve privilege escalation. The intruder connected from a public IP address in the United Kingdom and used a temporary VPN profile that should no longer have been active and was not protected with two-factor authentication. The findings show the scammers likely stole multiple employee login credentials for a temporary VPN profile the company had created but forgot to take offline.
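One way to triage the kind of alert described above, as an added example (not Avast's or Microsoft ATA's code): a directory replication request is expected only from a known replication partner, and one that originates in the VPN address pool is escalated and joined to the VPN session that held the address at that time. All addresses, account names, profile names and log fields below are constructed.

```python
import ipaddress
from datetime import datetime

# Constructed environment data; none of it comes from the incident.
VPN_POOL = ipaddress.ip_network("10.8.0.0/16")
# Hosts allowed to request replication (DCs, plus any directory sync server).
REPLICATION_ALLOWLIST = {ipaddress.ip_address(a) for a in ("10.1.0.10", "10.1.0.11")}

ALERTS = [  # constructed "directory replication requested" alerts
    {"time": "2024-01-10T09:12:00", "src": "10.1.0.11", "dst": "10.1.0.10"},
    {"time": "2024-01-10T09:40:00", "src": "10.8.3.27", "dst": "10.1.0.10"},
    {"time": "2024-01-10T11:05:00", "src": "10.2.7.50", "dst": "10.1.0.11"},
]
SESSIONS = [  # constructed VPN concentrator session log
    {"user": "jdoe", "profile": "temp-migration", "mfa": False,
     "public_ip": "203.0.113.45", "assigned": "10.8.3.27",
     "start": "2024-01-10T09:00:00", "end": "2024-01-10T10:30:00"},
    {"user": "asmith", "profile": "staff", "mfa": True,
     "public_ip": "198.51.100.7", "assigned": "10.8.3.27",
     "start": "2024-01-10T12:00:00", "end": "2024-01-10T13:00:00"},
]

def find_session(ip, when):
    """Return the VPN session that held address `ip` at time `when`, or None."""
    for s in SESSIONS:
        start, end = (datetime.fromisoformat(s[k]) for k in ("start", "end"))
        if ipaddress.ip_address(s["assigned"]) == ip and start <= when <= end:
            return s
    return None

def triage(alert):
    """Classify one replication alert by where the request came from."""
    src = ipaddress.ip_address(alert["src"])
    if src in REPLICATION_ALLOWLIST:
        return {"verdict": "expected", "reason": "known replication partner"}
    if src not in VPN_POOL:
        return {"verdict": "investigate", "reason": "replication from a non-DC host"}
    # A remote-access client has no reason to replicate the directory: escalate
    # and attach the session so the account and profile can be disabled.
    out = {"verdict": "escalate", "reason": "replication from the VPN pool"}
    session = find_session(src, datetime.fromisoformat(alert["time"]))
    if session:
        out.update({k: session[k] for k in ("user", "profile", "mfa", "public_ip")})
    return out

if __name__ == "__main__":
    for a in ALERTS:
        print(a["src"], triage(a))
```

The session join matters because VPN pool addresses are reused: the same internal IP maps to different accounts at different times, so the alert timestamp decides which profile to pull.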

Suspecting CCleaner as the targeted asset, Avast on September 25 stopped the upcoming updates for the software and started to check prior releases for malicious modification.

Baloo said that they may never know whether the threat actor was the same one as before. At the same time, Avast pushed out a "clean update" to CCleaner that was signed with a new digital certificate.


Avast has disclosed that attackers breached its internal network through a compromised VPN profile and stolen credentials.

"Moreover, we continued to harden and further secure our environments for Avast's business operations and product builds, including the resetting of all employee credentials, with further steps planned to improve overall business security at Avast". The company also says that with immediate effect it has "implemented additional scrutiny" to all releases.

Logo of CCleaner, developed by Piriform which was acquired by Avast in 2017.

Having identified the source of the problem, the incident response team found that miscreants had again attempted to enter its network through this route on October 4.

The company tracked the intruder by keeping the VPN profile active and monitoring the access going through it until mitigation actions could be deployed.

Law enforcement has been notified of the intrusion and an external forensics team assisted Avast's efforts to verify the collected data. The investigation will continue. The information is marked as TLP:RED, which means that it cannot be shared.
