Security firm Avast has revealed that hackers attempted to breach its internal networks with the aim of targeting CCleaner.
The news came in a blog post written by Avast’s CISO, Jaya Baloo, which said that the company’s internal network was accessed with the help of compromised credentials and a temporary VPN account.
Baloo describes the attempt as a “very sophisticated” attack. Avast, which has dubbed it “Abiss”, claims it spotted five access attempts from mid-May to early October. The hackers were using a public IP address in the UK and utilised a temporary VPN profile which was not protected by two-factor authentication.
Avast also claims that the stolen credentials, which the hackers used to access its systems, didn’t even have administrative privileges, which means whoever is behind the attack also had to carry out privilege escalation.
As soon as Avast realised that CCleaner was the target, it stopped all upcoming updates, re-signed a new release and pushed it as an update last week. This killed the attack off:
“It was clear that as soon as we released the newly signed build of CCleaner, we would be tipping our hand to the malicious actors, so at that moment, we closed the temporary VPN profile. At the same time, we disabled and reset all internal user credentials. Simultaneously, effective immediately, we have implemented additional scrutiny to all releases,” Baloo wrote.