Avast breached by hackers who wanted to compromise CCleaner again - Help Net Security


Czech security software maker Avast has suffered another malicious intrusion into their networks, but the attackers didn’t accomplish what they apparently wanted: compromise releases of the popular CCleaner utility.



What happened?


The discovery of the intrusion started with a security alert that flagged a malicious replication of directory services coming from an internal IP that belonged to the company’s VPN address range.


“The user, whose credentials were apparently compromised and associated with the IP, did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges,” Avast CISO Jaya Baloo explained.


“After further analysis, we found that the internal network was successfully accessed with compromised credentials through a temporary VPN profile that had erroneously been kept enabled and did not require 2FA.”

