In what appears to be another supply chain attempt, an unidentified malicious actor managed to gain access to Avast's internal network, the security company announced on Monday.

Detected at the end of September, the intrusion involved a temporary VPN profile that had erroneously been kept enabled and did not require two-factor authentication. The attacker had been using that profile to gain unauthorized access to the company's network since May 14, 2019.

Avast says it first noticed the suspicious behavior on its network on September 23, and that it engaged law enforcement and an external forensics team to investigate. The company deliberately left the temporary VPN profile open so that it could track the threat actor, and observed it accessing the network again on October 4.

“The logs further showed that the temporary profile had been used by multiple sets of user credentials, leading us to believe that they were subject to credential theft,” Avast says.
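The finding above (one temporary VPN profile, no second factor, several different user credentials behind it, and first use well before detection) is exactly the pattern a VPN log review should surface. The following is an added example, not Avast's code or log format: it runs three checks over a constructed, hypothetical VPN authentication log and profile inventory, flagging profiles that are used by more than one account, successful logins made without MFA, and profiles still in use past the date they should have been retired. Log fields, profile names, usernames and addresses are all made up for illustration.

```python
from collections import defaultdict
from datetime import datetime

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample VPN authentication log in a hypothetical pipe-separated
# format (not any vendor's real format):
# timestamp|profile|username|mfa(yes/no)|source_ip|result
SAMPLE_LOG = """\
2019-05-14T02:11:09Z|tmp-contractor-07|j.novak|no|203.0.113.5|success
2019-05-14T02:40:51Z|tmp-contractor-07|m.svoboda|no|203.0.113.5|success
2019-06-02T23:58:10Z|tmp-contractor-07|p.dvorak|no|198.51.100.23|success
2019-06-03T08:12:44Z|eng-vpn|j.novak|yes|192.0.2.77|success
2019-06-03T08:13:02Z|eng-vpn|j.novak|yes|192.0.2.77|success
2019-09-23T01:05:30Z|tmp-contractor-07|j.novak|no|203.0.113.5|success
2019-10-04T03:22:18Z|tmp-contractor-07|m.svoboda|no|203.0.113.5|failure
"""

# Constructed profile inventory (hypothetical): a temporary profile that should
# have been retired on May 1 but was left enabled and exempt from MFA.
PROFILES = {
    "tmp-contractor-07": {"temporary": True, "expires": "2019-05-01T00:00:00Z", "mfa_required": False},
    "eng-vpn": {"temporary": False, "expires": None, "mfa_required": True},
}


def parse_ts(value):
    return datetime.strptime(value, TS_FMT)


def parse_log(text):
    """Turn the pipe-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, profile, user, mfa, src_ip, result = line.split("|")
        events.append({
            "ts": parse_ts(ts), "profile": profile, "user": user,
            "mfa": mfa == "yes", "src_ip": src_ip, "ok": result == "success",
        })
    return events


def find_anomalies(events, profiles):
    """Return the three profile-level findings plus the first successful use
    of each shared profile, so the investigator knows how far back to look."""
    users_by_profile = defaultdict(set)   # distinct accounts that succeeded per profile
    no_mfa_logins = defaultdict(int)      # successful logins without a second factor
    first_seen, last_seen = {}, {}        # earliest success / latest attempt per profile

    for e in events:
        p = e["profile"]
        # Failed attempts still count as activity on a profile that should be gone.
        last_seen[p] = max(last_seen.get(p, e["ts"]), e["ts"])
        if not e["ok"]:
            continue
        users_by_profile[p].add(e["user"])
        first_seen[p] = min(first_seen.get(p, e["ts"]), e["ts"])
        if not e["mfa"]:
            no_mfa_logins[p] += 1

    shared = {p: sorted(u) for p, u in users_by_profile.items() if len(u) > 1}

    expired_in_use = {}
    for p, meta in profiles.items():
        if meta["expires"] and p in last_seen and last_seen[p] > parse_ts(meta["expires"]):
            expired_in_use[p] = last_seen[p].strftime(TS_FMT)

    return {
        "shared_profiles": shared,
        "no_mfa_logins": dict(no_mfa_logins),
        "expired_profiles_in_use": expired_in_use,
        "first_seen": {p: first_seen[p].strftime(TS_FMT) for p in shared},
        # Policy gap independent of the log: profiles configured without MFA at all.
        "profiles_without_mfa_policy": sorted(p for p, m in profiles.items() if not m["mfa_required"]),
    }


if __name__ == "__main__":
    for key, value in find_anomalies(parse_log(SAMPLE_LOG), PROFILES).items():
        print(f"{key}: {value}")
```

On the constructed data the report points at the temporary profile on all three counts: three different accounts used it, every login through it lacked MFA, and it was still seeing attempts five months after its expiry date, with the first successful use in mid-May. In a real deployment the same three checks belong in a scheduled job over the VPN concentrator's authentication log, and the inventory should come from the VPN's own profile store rather than a hand-written dict.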

The security firm says the likely target of this attack was CCleaner, as was the case in 2017, when millions of users downloaded a trojanized update that ultimately delivered a backdoor to 40 machines, indicating a highly targeted attack.

That assessment of the 2017 attack was further supported when a third-stage payload was identified, apparently intended for only a handful of the 40 backdoored systems. The Chinese hacking group Axiom is believed to have carried out that attack.

To prevent a repeat of the 2017 incident, the security firm halted upcoming CCleaner releases on September 25 and began checking previous CCleaner releases for malicious modifications. It also re-signed a clean update and pushed it to users through the automatic update system on October 15, and then revoked the previous signing certificate.

“Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected,” Avast notes.

Avast also closed the temporary VPN profile when it issued the clean update, and then disabled and reset internal user credentials. The company says it has added further checks to all releases, plans to reset all employee credentials, and is taking additional steps to improve overall business security at Avast.

“From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected. We do not know if this was the same actor as before and it is likely we will never know for sure, so we have named this attempt ‘Abiss’,” the security firm notes.
