CCleaner malware had a specific target: tech titans
The malware that hackers inserted into legit downloads of popular PC-cleaning software CCleaner wasn’t harmless after all. According to Cisco’s Talos security division, it had specific targets: at least 20 tech titans, including Google, Samsung, Microsoft, Sony, HTC, Linksys, D-Link, and Cisco itself. Based on the data they got from someone involved in the CCleaner investigation, the Talos researchers have discovered that the attackers’ main goal was to infect computers inside those companies’ networks. The original malware was merely used to deliver a second malware, which can insert itself deeper into the system.
According to the Talos researchers, the info they got from their source included evidence that the hackers looked through their database of hacked machines to find PCs connected to those companies’ networks. While they didn’t reveal which corporations got infected, they said 50 percent of the hackers’ attempts at installing the secondary malware was successful. That doesn’t mean 10 out of the 20 fell victim to the malware, though: some of the tech giants got infected twice, while others weren’t affected at all.
Now that the team has discovered the malware’s true nature, they don’t think it was deployed simply to install keyloggers or ransomware on random people’s computers. They believe it was created for industrial espionage, a way to steal valuable secrets from some of the world’s biggest tech giants. They even found some code associated with known hacking team Group 72 or Axiom, which is believed to be a Chinese government operation. However, the researchers still can’t say for certain whether this particular attack was perpetrated by Group 72.
Avast, the company that owns CCleaner, has confirmed the second payload’s existence after an investigation by its own researchers. It advises the software’s individual users to upgrade to its latest version and to use an anti-virus products. Corporate users will have to go further than that: since the malware might have targeted more than 20 companies, Cisco recommends restoring PCs using backup made before CCleaner was installed.
Source: Cisco Talos, Avast