Earlier this week, we learned that hackers had managed to infiltrate CCleaner, using a backdoor to infect hundreds of thousands of PCs. Since then, more details about the attack have come to light, with researchers finding evidence that the attackers were using CCleaner to target some of the world’s biggest tech companies, including Microsoft, Samsung, Intel and Google. In total, at least 20 firms were targeted.
Yesterday, the researchers over at Cisco’s Talos security division revealed that they have analysed the hackers’ “command and control” server, which was connected to all of the malicious versions of CCleaner. As Wired points out, on that server, the researchers found evidence that the hackers tried to filter through all of the infected machines to find PCs inside the networks of around 20 tech firms. The attackers were specifically trying to infiltrate Intel, Google, Microsoft, Samsung, Akamai, Sony, VMware, HTC, Linksys, D-Link and Cisco.
The report says that the attackers did manage to find at least one infected system in around ten of those companies. They then used that backdoor to infect those systems with another piece of malware. The running theory now is that this may have been a case of corporate espionage.
Aside from the attack on tech firms, this latest research into the hack revealed that 700,000 PCs were infected. Initially, it was thought that as many as 2.26 million PCs could have been affected, but that turned out not to be the case. The companies found in the attackers’ database have been informed of the backdoor at this point, so things should be patched up relatively quickly.
Right now, it is unknown how far the hackers managed to get after worming their way into the networks of tech companies. However, investigations are still ongoing so we should hear more.
KitGuru Says: At least regular consumers can take some solace in knowing that the CCleaner attack wasn’t targeted at them. From the sounds of it, unless your PC was connected to a tech firm’s network, the attackers weren’t really interested. Still, if you did have the program installed on your system, make sure you take the necessary steps to remain secure and clean your system of any malware.