New Security Breach at Avast Aimed at Its CCleaner Software
Avast’s internal networks were recently breached by cybercriminals, in an incident similar to the CCleaner incident of 2017.
According to a notification from Avast, the intrusion was detected on September 23, with the help of the Czech intelligence agency, the Security Information Service (BIS), the cybersecurity division of the local Czech police force, and an external forensics team. It came to light when a Microsoft security tool raised an alert for ‘malicious replication of directory services from an internal IP.’ This internal IP belonged to Avast’s VPN address range.
The attackers compromised an employee’s VPN credentials to gain access to an account that was not protected by a multi-factor authentication solution. Although the intrusion was discovered only recently, Avast believes that the attackers had been attempting to gain access to the network through the compromised VPN as early as May 14 of this year.
“The user, whose credentials were apparently compromised and associated with the IP, did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges. The connection was made from a public IP hosted out of the UK and we determined the attacker also used other endpoints through the same VPN provider,” explained Jaya Baloo, Avast Chief Information Security Officer.