Avast Network Hacked Again
Avast issued a warning that hackers were able to access its internal network using a temporary VPN account. Avast believes that the intrusion targeted its CCleaner business in a supply chain attack. CCleaner, which is software that fights infections in PCs, was previously hacked in 2017 and led to the compromise of 2.27 million people’s systems.
Avast stated that it is clear that this was a sophisticated attempt with the intention of leave no traces of the breach or their purpose, and that the hackers were taking extreme caution in order to not be detected. Avast doesn't know if this was the same group as before and will never know for sure.
Avast was alerted to the intrusion by an alert from Microsoft Advanced Threats Analytics. After analyzing the logs, Avast found the attackers had attempted to access its network at least seven times in 2019, with attempts first starting May 2019. Avast left the temporary VPN profile open in order to track the hacker and to continue monitoring and investigating all access going through the profile.
Avast halted upcoming CCleaner releases and started checking prior CCleaner releases to verify that no malicious alterations had been made. Avast also disabled and reset all internal user credentials. As two further measures, Avast re-signed a clean update of the product, pushed it out to users by an automatic update on October 15. Avast also revoked the previous certificate.