Though it seemed like a more general malware outbreak at first, the recent CCleaner debacle appears to have been more targeted than originally thought. Since it was revealed CCleaner developer Piriform had unknowingly been distributing malicious software with the utility for a month, researchers have discovered that the malware was specifically trying to gain access to internal networks in at least 20 tech companies, including Microsoft.
First reported by Wired (via The Verge), researchers at Cisco and Avast (opens in new tab) discovered that the malware was specifically going after a list of internal domains at the time its "command-and-control" server was seized. Targeted companies include Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco, among others, as part of a two-stage attack. Avast writes:
According to Cisco, the hackers appear to have been successful in installing the malware on more than 700,000 machines,"and more than 20 machines have received the second-stage payload." That's only for a four-day period between September 12 and September 16, so it's possible that other companies were targeted.
The attack still hasn't been attributed to any specific party, but evidence suggests it could be part of an industrial espionage campaign. A Kaspersky researcher has indicated the malware shares code with tools used by Axiom, a group that has been linked to Chinese intelligence services.
Windows Central Newsletter
Get the best of Windows Central in in your inbox, every day!
Piriform still claim they were unaware, I'm not so sure. Whatever the root cause, their reputation and possibly Avast's has been tarnished forever
There have been too many malware and ransomware attacks this year. I hope they die down soon. For those looking for ways to free themselves from malwares can follow this guide that has malware removal steps for all devices:https://www.purevpn.com/blog/how-to-remove-malware/
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.