Malware that piggybacked on CCleaner, a popular free software tool for optimizing system performance on PCs, appears to have specifically targeted high-profile technology companies and may have been an attempt to harvest IP, perhaps for commercial or state-level espionage.

In an update on its investigation into the malware, which was revealed to have affected 2.27M users of CCleaner earlier this week, Avast, the security company which owns the London-based maker of the software, said the attack was an APT (advanced persistent threat) program that specifically targeted large technology and telecommunications companies.

So while the malware infected a total of 2.27M PCs between Augand Septemusing CCleaner version as its distribution vehicle - the attackers behind it appear to have been interested in only a specific subset of PC users working for tech firms.

Avast hasn’t published the names of specific companies targeted by the malware for, it says, “privacy reasons” - but says companies in Japan, Taiwan, UK, Germany and the US were targeted.

Asked whether it believes a state-level attacker was responsible for the malware, a spokeswoman for the company told us: “We are not excluding any possibility. It is possible that this was the result of a State level attack or industrial espionage. However, rather than speculate, we are focused on working with law enforcement to identify the perpetrators and prevent any damage caused by a second stage payload.”

In another new development, Avast said it believes the malware’s second stage payload was indeed delivered - saying server logs indicate it was sent to 20 machines in a total of eight organizations but adding that the actual number is likely to be “at least in the order of hundreds”, given that server logs were only captured for three days (vs the several weeks the malware was being distributed). It had previously said the second stage of the payload had not been delivered.

Avast adds that it’s continuing to investigate, along with law enforcement, to try to trace the source of the attack.

Meanwhile, security researchers at Cisco Talos, who are also analyzing the CCleaner malware (using a digital copy of the attackers’ server passed to them by an unnamed source, and which it says it has verified to its own satisfaction), and publishing rather more detail as they do so, have revealed the below list of company domains which were apparently specifically targeted for delivery of the malware’s second-stage loader.

The list apparently includes mobile makers Samsung, HTC and Sony, as well as telcos Singtel, Vodafone and O2, plus tech firms Cisco, Intel, VMware, Google and Microsoft. Also listed are: Linksys, Epson, MSI, Dlink and Akamai. There’s also, rather chillingly, a distributor of security solutions, such as CCTV, alarm and door access systems.

One domain in the list not apparently targeting a technology business, per se, points to gambling company Gauselmann.

Cisco Talos’ researchers take the view that the targeting of “high-profile technology companies” suggests “a very focused actor after valuable intellectual property”.