As of this writing, however, this is purely speculative; after all, attribution is often very difficult in this type of scenario. There is circumstantial evidence that links the campaign to an APT group called Group 72, which has had a similar target profile in the past. Two versions of the highly popular Windows maintenance tool (32-bit CCleaner v and CCleaner Cloud v) were modified to distribute information-stealing malware, and over 2 million users have been impacted by the incident. In an update post Thursday morning, Avast backed Cisco's findings, and confirmed that eight of the 18 known target companies had been breached by the hackers.

Software Compromised At Source

It's reported that hackers gained access to one of the computers used to compile CCleaner (from programming code to Windows executable), rather than hacking the site used to distribute the software. This can then be used for anything from resale or “active business development” to seeking out vulnerabilities in IT products, which in turn can be used to mount further attacks or to compromise devices “out of the box”. A server distributing a version of PC utility CCleaner infected with malware might have been compromised in early July, Avast revealed. CCleaner, a system-optimization tool with more. The probable objective of this is to syphon off intellectual property from the targeted organizations. 21 with news that malware injection seems to have been for purposes of industrial espionage. These facts suggest that behind the compromise is a long-standing and well-planned industrial espionage scheme. The targeted organizations include companies like Microsoft, Samsung, Cisco and Sony as well as telco companies such as Vodafone and even a manufacturer of gambling machines. The attacker added malware to the CCleaner and CCleaner Cloud installers, but the malware only executed.
According to Talos, there are clear indications that the tainted 5.33 version of CCleaner downloads additional malware if the infected machine is located in the network of one of several high-profile tech companies. An unknown threat group compromised the CCleaner infrastructure. For those using CCleaner, it’s highly recommended to update to the latest version, which is available at Piriform’s website here. It appears that the compromise of CCleaner has more far-reaching consequences. Shortly after the discovery of the malware, Piriform contacted law enforcement and the servers receiving information have already been taken down. This led to the discovery of the malware as Piriform, the company behind CCleaner, noticed the application was sending data to an unknown IP address. The malicious code not only granted attackers remote access to infected systems, but it also collected information about a victim’s system such as the name of the computer, list of installed software, running processes, MAC addresses, and more. Hackers were able to illegally modify the application before it was released and were able to introduce the malicious code. The security issue, which was discovered on September 12, affected the 32-bit version of CCleaner version and CCleaner Cloud version. Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a. Popular Windows optimization utility CCleaner has a serious problem right now, as a recent blog post by their VP of Products, Paul Yung, reveals that hackers have compromised recent versions of CCleaner, installing a backdoor utility into the application that would allow hackers to remotely access systems with CCleaner installed.