Please be aware that hundreds of thousands of computers have been penetrated by a corrupted version of the popular computer cleanup software CCleaner. CCleaner was recently compromised by hackers (on August 15th), who managed to embed malware into what is now thought to be over 2.2 million machines.
It is now becoming clear just how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infection, but on targeted espionage that tried to gain access to the networks of at least 18 tech firms.
Fortunately, it only appears to be targeting large telecoms companies, but there is a risk that it could be utilised by others with malicious intent.
The group behind the attack remains unknown. Cisco Talos was able to confirm that some of the code in the CCleaner backdoor overlaps with a backdoor used by a hacking group known both as APT 17 and Group 72. Researchers have tied this group to people in China. Cisco Talos also noticed that the command server set the time zone to one in the People’s Republic of China. Williams warned, however, that attackers may have deliberately left the evidence behind as a “false flag” intended to mislead investigators about the true origin of the attack.
For any company that may have had computers running the corrupted version of CCleaner on its network, Cisco warns that merely deleting the application isn't enough. Instead, anyone affected must fully restore the affected machines from backups taken before the installation.
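One way to list the machines this advice applies to, as an added PowerShell example that is not part of the original notice: it inventories a Windows host's Uninstall registry keys for CCleaner and flags entries installed on or after the compromise date. The year (2017) and the use of the Uninstall keys are assumptions; the affected build number is left as a placeholder to be filled in from the vendor or Cisco Talos advisory.

```powershell
# Added example, not from the original notice. Run locally or via Invoke-Command
# against each host; the output is the list of machines that need restoring from
# a backup taken before the installation.
$CompromiseDate  = [datetime]'2017-08-15'          # day from the notice, year assumed
$AffectedVersion = 'AFFECTED_VERSION_PLACEHOLDER'  # fill in from the vendor advisory

# Both native and WOW6432Node views, since CCleaner is a 32-bit installer on 64-bit Windows
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$hits = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'CCleaner*' } |
    ForEach-Object {
        # InstallDate is optional in the Uninstall key (yyyyMMdd when present);
        # an entry with no date is flagged for review rather than assumed clean.
        $installed = $null
        if ($_.InstallDate -match '^\d{8}$') {
            $installed = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
        }
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            Product      = $_.DisplayName
            Version      = $_.DisplayVersion
            InstallDate  = $installed
            InstallPath  = $_.InstallLocation
            NeedsReview  = ($_.DisplayVersion -eq $AffectedVersion) -or
                           ($null -eq $installed) -or
                           ($installed -ge $CompromiseDate)
        }
    }

if (-not $hits) {
    "$($env:COMPUTERNAME): no CCleaner entry in the Uninstall keys (portable copies leave none; check file shares too)"
} else {
    $hits | Format-Table -AutoSize
}
```

A machine with NeedsReview set to True is a candidate for the full restore from a pre-installation backup that Cisco recommends, not for a simple uninstall.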
If you are concerned about your IT security and would like to speak to one of our security experts please contact us today on firstname.lastname@example.org or 01329 239900.