
Hackers Target Avast's CCleaner Again Using Stolen VPN Logins

This comes two years after hackers stole trade secrets from high-profile tech firms by rigging version 5.33 of Avast's CCleaner with well-hidden malware, but 'we do not know if this was the same actor as before,' Avast's CIO says.

By Michael Kan
October 21, 2019

Hackers recently infiltrated antivirus provider Avast in an apparent attempt to tamper with the company's CCleaner product.

The hackers breached the company by stealing the employee login credentials for a VPN client, which gave them access to Avast's internal network, the antivirus provider said on Monday.

Although the company first noticed the breach on Sept. 23, evidence shows the hackers may have first breached Avast's network as far back as May 14. But rather than pull the plug on the VPN connection, Avast decided to leave it open in a bid to track the hackers' activities.

The investigation found that the mysterious culprits were likely targeting Avast's popular CCleaner product, which is installed across the globe. This comes two years after hackers stole trade secrets from high-profile tech firms by rigging version 5.33 of CCleaner with well-hidden malware to secretly collect system information on computers that had installed it.

"We do not know if this was the same actor as before," Avast's chief information security officer Jaya Baloo said in today's statement. But in response to the breach, the company halted upcoming CCleaner releases and verified that no malicious alterations had been made to the product.

Avast booted the hackers from its network on Oct. 15 by shutting down the VPN profile. At the same time, it pushed out a "clean update" to CCleaner that was signed with a new digital certificate.

"Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected," Baloo added. All VPN login credentials for the company's internal network were also reset.

Avast, which is based in the Czech Republic, teamed up with the country's government intelligence agencies to investigate the hack. The findings show the scammers likely stole multiple employee login credentials for a temporary VPN profile the company had created but forgot to take offline.

To connect to the VPN, the hackers used a public IP address hosted in the UK. Even though the VPN profile had no "domain admin privileges," the hackers still managed to exploit a vulnerability to gain full access to Avast's internal systems.

"From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose," Baloo said.

The incident underscores the danger of a supply chain attack; earlier this year, security experts also reported that PC maker Asus had suffered a similar hack that involved the company rolling out a malicious version of an update utility to notebook computers.
