Avast Discloses New Supply-Chain Attack Attempt

An unknown threat actor managed to access Avast’s network in yet another supply chain compromise attempt, the security company announced on Monday.


Detected at the end of September, the intrusion involved the use of a temporary VPN profile that had been kept alive although it did not have two-factor authentication enabled. The attackers had been using the profile for unauthorized access to Avast’s network since May 14, 2019.


Avast says it first detected the suspicious behavior on its network on September 23, and that it engaged with the authorities and an external forensics team to investigate. The security firm kept the temporary VPN profile alive to be able to track the threat actor, and observed it accessing the network again on October 4.


The attackers, whom Avast refers to as “Abiss,” accessed the security firm’s internal network seven times since May 14.


“The logs further showed that the temporary profile had been used by multiple sets of user credentials, leading us to believe that they were subject to credential theft,” Avast says.


According to Avast, the likely target of this attack was CCleaner, as was the case in 2017, when millions downloaded a compromised update file that eventually installed a backdoor on 40 machines, suggesting a highly targeted attack.


The hypothesis was further confirmed when a third-stage payload was identified, supposedly meant to be deployed on only a few of the 40 backdoored systems. Chinese hacking group Axiom (also known as APT17 or DeputyDog) is believed to have carried o ..
