![]() ![]()
The Avast researchers also analyzed the attackers’ connection patterns to the primary command-and-control server and the backup server. “Clearly, the logs also indicate that the attackers were looking for additional high-profile companies to target, some of them potentially leading to additional supply-chain attacks (Carriers/ISPs, server hosting companies and domain registrars),” the Avast researchers said in a new blog post Tuesday. telecommunications provider O2 (one system) Gauselmann, a German gaming and gambling company (one system) Singtel, a telecommunications provider from Singapore (one system) Intel (one system) and VMware (one system). These select computers belonged to Chunghwa Telecom, the largest telecommunications company in Taiwan (13 systems) Japanese IT services provider NEC (10 systems) Samsung (five systems) AsusTek Computer, commonly known as Asus (two systems) Sony (two systems) Fujitsu (two systems) InfoView2u, a supplier of CCTV surveillance systems (one system) U.K. Out of those infected systems, attackers chose to deploy the second-stage malware on only 40. This provides a more accurate estimation of the number of systems that were infected with the first-stage malware program through the CCleaner installer. The total number of unique PCs (unique MAC addresses) that communicated with the CnC server was 1,646,536. Avast also gained access to this second server with help from law enforcement agencies and recovered the information. It turns out that before the database was reset, the hackers made a copy of the existing data and moved it to a secondary server. Researchers from Avast later established that this lack of data was because the server had run out of space at some point and the attackers had to rebuild the database. Surprisingly, the C2 server only contained data for three days of activity in September that showed the second stage payload was deployed to 20 systems belonging to eight companies. #Reddit ccleaner malware installResearchers from Cisco Systems’ Talos group managed to obtain the logs and database from the command-and-control server and determined that the goal of the attackers was to install additional malware on computers belonging to high-profile companies including Microsoft, Google, Samsung, Intel, Sony, VMware, HTC, Samsung, Sintel, Vodafone, O2, Epson, Akamai, D-Link and Cisco itself. #Reddit ccleaner malware codeHowever, it later became clear that this attack was a targeted one and researchers found links between the code and command-and-control (C2) infrastructure used by the attackers and previous malware used by a known cyberespionage group of Chinese origin. Initially, it was believed that this was a large-scale attack whose goal was to infect as many users as possible, Avast estimating that the compromised installers were used on more than 2 million systems. The rogue installers for the Windows system optimization tool had malware attached to them that was designed to collect information from infected computers and install a secondary payload on systems chosen by the hackers. Return to the Malwarebytes AdwCleaner guide.Avast and Piriform announced last week that hackers managed to embed malicious code into CCleaner v and CCleaner Cloud v before the programs were compiled and released to users in August. Our malware removal specialists can then study and make appropriate changes to the scanner.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |