CCleaner malware specifically targeted Microsoft and other tech firms

Though it seemed like a more general malware outbreak at first, the recent CCleaner debacle appears to have been more targeted than originally thought. Since it was revealed CCleaner developer Piriform had unknowingly been distributing malicious software with the utility for a month, researchers have discovered that the malware was specifically trying to gain access to internal networks in at least 20 tech companies, including Microsoft.

CCleaner Targeted Domains

First reported by Wired (via The Verge), researchers at Cisco and Avast discovered that the malware was specifically going after a list of internal domains at the time its "command-and-control" server was seized. Targeted companies include Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco, among others, as part of a two-stage attack. Avast writes:

At the time the server was taken down, the attack was targeting select large technology and telecommunication companies in Japan, Taiwan, UK, Germany and the US. Given that CCleaner is a consumer-oriented product, this was a typical watering hole attack where the vast majority of users were uninteresting for the attacker, but select ones were.

According to Cisco, the hackers appear to have been successful in installing the malware on more than 700,000 machines, "and more than 20 machines have received the second-stage payload." That's only for a four-day period between September 12 and September 16, so it's possible that other companies were targeted.

The attack still hasn't been attributed to any specific party, but evidence suggests it could be part of an industrial espionage campaign. A Kaspersky researcher has indicated the malware shares code with tools used by Axiom, a group that has been linked to Chinese intelligence services.

Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

2 Comments
  • Piriform still claim they were unaware, I'm not so sure. Whatever the root cause, their reputation and possibly Avast's has been tarnished forever.
  • There have been too many malware and ransomware attacks this year. I hope they die down soon. Those looking for ways to free themselves from malware can follow this guide that has malware removal steps for all devices: https://www.purevpn.com/blog/how-to-remove-malware/