New evidence shows the hackers who infected the installers for the popular CCleaner system optimization tool were primarily targeting the program’s business users. There are also links between the malware code and a well-known Chinese cyber-espionage group.

The malware-infected installers for 32-bit versions of CCleaner and CCleaner Cloud released in August were installed on more than 2.2 million computers. However, only a very small portion of those systems also received a second-stage malicious payload from the attackers. Those systems belonged to at least eight technology companies.

Upon installation, CCleaner v and CCleaner Cloud v loaded a lightweight backdoor program directly in memory. This code’s purpose was to collect information about the systems it was running on (their names, domain names, IP addresses, process lists, etc.) and submit it to a command-and-control server. However, it also allocated memory for an additional payload that was supposed to be delivered from the server.

For the first couple of days after the hack was announced, it seemed that no security firm had seen this second payload. But yesterday, researchers from Cisco Systems’ Talos division revealed that they obtained a copy of the files hosted on the command-and-control server. These files included the secondary malware program and also revealed a list of 18 companies on whose systems the attackers intended to install it. The targeted companies include Microsoft, Google, Samsung, Intel, Sony, VMware, HTC, Samsung, Sintel, Vodafone, O2, Epson, Akamai, D-Link and Cisco itself.

Avast confirmed Cisco’s findings on Thursday and said it found evidence that the second-stage payload was deployed on 20 systems belonging to eight of those companies. However, since the server logs only covered three days, the number of computers that received the second malware program was likely in the hundreds, the company said.

While there is no definitive attribution for the attack, researchers from Kaspersky Lab, Intezer and Cisco Talos independently confirmed that there is code and command-and-control infrastructure overlap between the first-stage backdoor and malware used in the past by Axiom, an umbrella group for cyberespionage operations linked to China’s intelligence agencies. The hacking groups associated with Axiom have launched similar supply chain attacks in the past, including the recent ShadowPad attack revealed by Kaspersky Lab last month. In that incident, hackers inserted a backdoor into a legitimate update for an enterprise server administration tool developed by a company called NetSarang Computer.

All evidence found so far suggests that the CCleaner compromise was a sophisticated targeted attack whose goal was to ultimately gain access to the networks of high-profile companies.
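The incident-response point in the article is that the second stage was delivered only to hosts whose domain matched the attackers' target list, and that the recovered C2 logs covered just three days, so a host that beaconed outside that window cannot be cleared by the logs alone. The triage helper below is an added example illustrating that reasoning; it is not code from the article, Avast or Cisco Talos. The beacon record format, the log window dates and the placeholder corporate domains are all constructed for the example and do not reproduce any real target-list entries.

```python
"""Triage of first-stage beacons against a target list and a limited C2 log window.

Added example, not code from the article or from Avast/Cisco Talos. The record
format (host,domain,ISO timestamp), the window dates and the domains below are
constructed placeholders, not values from the incident.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Placeholder domains standing in for a few of the companies the article names;
# the real list used Active Directory domain names, which are not reproduced here.
TARGET_DOMAINS = {
    "corp.example-microsoft.test",
    "corp.example-google.test",
    "corp.example-cisco.test",
}

# The C2 logs the researchers obtained covered only three days (dates constructed).
LOG_WINDOW_START = datetime(2017, 9, 12)
LOG_WINDOW_END = LOG_WINDOW_START + timedelta(days=3)


@dataclass
class Beacon:
    host: str      # machine name reported by the first-stage backdoor
    domain: str    # domain name reported by the first-stage backdoor
    seen: datetime # time the beacon reached the C2 server


def classify(beacon):
    """Return a triage label for one first-stage beacon."""
    if beacon.domain.lower() in TARGET_DOMAINS:
        # Second stage was intended for this domain: treat as compromised.
        return "priority-reimage"
    if LOG_WINDOW_START <= beacon.seen < LOG_WINDOW_END:
        # C2 logs exist for this beacon and record no second-stage delivery.
        return "first-stage-only"
    # Beacon falls outside log coverage: the logs cannot clear this host.
    return "unverifiable"


def triage(beacons):
    """Map each host to its most severe label across all of its beacons."""
    severity = {"priority-reimage": 2, "unverifiable": 1, "first-stage-only": 0}
    best = {}
    for b in beacons:
        label = classify(b)
        if b.host not in best or severity[label] > severity[best[b.host]]:
            best[b.host] = label
    return best


def parse_beacons(lines):
    """Parse constructed 'host,domain,ISO-timestamp' records, skipping comments."""
    out = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, domain, ts = line.split(",")
        out.append(Beacon(host, domain, datetime.fromisoformat(ts)))
    return out


# Constructed sample telemetry, not real beacon data.
SAMPLE_LOG = """\
# host,domain,timestamp
ws-0142,corp.example-microsoft.test,2017-09-13T08:15:00
ws-0099,lab.example-smallco.test,2017-09-13T09:00:00
ws-0099,lab.example-smallco.test,2017-09-10T09:00:00
ws-0310,home.example-user.test,2017-08-20T12:00:00
"""

if __name__ == "__main__":
    for host, label in sorted(triage(parse_beacons(SAMPLE_LOG.splitlines())).items()):
        print(f"{host}: {label}")
```

Note that ws-0099 ends up "unverifiable" even though one of its beacons lies inside the window: an earlier beacon outside the window could have received the second stage, so a single in-window beacon does not clear the host. That is the same caveat Avast raised when it said the true number of second-stage victims was likely higher than the logs showed.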