Avast: Hackers breached internal network by blocking VPN profiles

Cybersecurity company software development, Avast, revealed that its interior network was violated by hackers.

The company said that the target of the attack was probably the insert malware into CCleaner software. 2017 had a similar incident.

How did the violation occur?

According to Avast, hackers violated VPNs credentials a company employee. In this way, they gained access to an account that was not protected.

The company discovered the breach on 23 September. Immediately, it began an investigation and found evidence that the attackers had been targeting the company's systems since 14 May 2019.

"The user whose credentials were violated did not have domain administrator rights. However, through a successful privilege escalation attack"The attacker was able to gain administrator privileges," said Jaya Baloo, Avast's head of information security.

According to Baloo, the company has activated the violated VPN profile to monitor the attacker's activities.

This lasted until 15 October, when the company released a new update of its CCleaner.

In addition, Avast changed the digital certificate used for CCleaner updates. The company considered that this change was necessary if the hackers had managed to obtain the old certificate at infringement of the network.

"Having taken all these precautions, we are sure that users CCleaner are protected and unaffected, "said Baloo.

The company, based in the Czech Republic, works with the police, the Czech intelligence agency, the Security Information Service (BIS) and a private company for the investigation of a violation.

Avast believes that the attackers were experienced hackers but it is not certain whether it is the team itself that attacked the company 2017.

"From the information we have gathered so far, it is clear that this was an extremely complex attack against us that was intended to leave no trace of the invader. The attackers "They proceeded with extreme caution so as not to be detected," Baloo said.

The investigation is ongoing. Avast said it would let you know if it learned of any new items. In 2017, he had published several updates on the breach incident and was considered commendable for speaking openly and in detail on the subject.

2017, the attackers had 'planted' malware in CCleaner, in violation of a account TeamViewer. According to Avast, about 2,27 millions of users had downloaded the corrupted CCleaner software.