Hackers Breach Avast Through Old Internal VPN Profile

The popular cybersecurity firm Avast has revealed a cyber attack that it endured recently. Reportedly, Avast faced a security breach earlier this year that seemingly aimed at infecting its CCleaner app.

Avast Disclosed A Security Breach

In a blog post, Jaya Baloo, the CISO at Avast, has disclosed a cyber attack that the company endured recently. Upon discovering the suspicious activity, the company started work and investigations into containing the attack.

As stated in the post,

The evidence we gathered pointed to activity on MS ATA/VPN on October 1, when we re-reviewed an MS ATA alert of a malicious replication of directory services from an internal IP that belonged to our VPN address range, which had originally been dismissed as a false positive.

They found that the attackers exploited a compromised user account to gain access to Avast systems.

We found that the internal network was successfully accessed with compromised credentials through a temporary VPN profile that had erroneously been kept enabled and did not require 2FA.

While the affected account had no domain privileges, the attackers triggered privilege escalation to achieve domain privileges.

Tracking the IP address of the connection pointed out to a location outside the UK. Digging further into the issue also revealed that the attackers had made numerous attempts through the same VPN since May 2019.

Second Hacking Attempt On CCleaner Since Acquisition

Avast suspects that the attackers were targeting CCleaner with this attempt. Nonetheless, they still initiated investigations on a wider level to ensure utmost security.

Even though we believed that CCleaner was the likely target of a supply chain attack, as was the case in a 2017 CCleaner breach, we cast a wider net in our remediation actions.

While Avast dubbed the attack ‘Abiss’ (Avast’s title to this attempt) “extremely sophisticated”, they still managed to contain the attack. Furthermore, they also hardened the security of their operations and product builds.

‘Abiss’ marks the second attack on CCleaner. Earlier, some attackers meddled with the app in 2017 by infecting it with Floxif malware.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients