Czech-based cybersecurity company Avast Antivirus revealed that it had detected a network attack after finding suspicious behaviour on its network on September 23. Avast worked with the Czech counterintelligence service BIS and external forensic teams, and the attack is suspected to have originated in China.
Avast released information about the attack in a blog post. According to their post, “From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected. We do not know if this was the same actor as before and it is likely we will never know for sure, so we have named this attempt Abiss.”
Avast CIO Jaya Baloo said the intruder used compromised credentials through a temporary VPN profile and had successfully accessed the network in several attempts between May 14 and Oct 4. By keeping the VPN profile open, Avast hoped to track the intruder, whom it suspects of targeting the CCleaner software. The statement highlighted that hackers were attempting to install malware in its CCleaner software. However, no users of the service were affected as they are protected.
Separately, according to reports from Reuters, the BIS said in a statement that, “Everything from data analysis so far suggests that the attack came from China, with the intention to take control of the popular optimisation tool CCleaner, and through that also users’ computers.”
The attack on Avast highlights the increasingly sophisticated threats organisations are facing today. Threat actors are now beginning to find vulnerabilities and ways to infiltrate even cybersecurity companies. Avast will continue to investigate its logs to reveal the threat actor’s movements and modus operandi together with the wider security and law enforcement community.
With global software companies increasingly being targeted for disruptive attacks, cyber-espionage and even nation-state-level sabotage, organisations worldwide need to continue to be vigilant and ensure they are protected.