In a follow-up to the shocking news of CCleaner, a popular tool for optimizing PC performance, allegedly being attacked by sneaky hackers, it appears that the application specifically targeted tech companies to harvest IPs.
Harvesting IPs is nothing new under the sun among the countless malicious activities of hackers. Perhaps the hackers who attacked CCleaner were looking for something more than just spreading everyday, run-of-the-mill malware. Apparently, they were in the game for the purpose of commercial or state-level espionage through the collection of IP addresses.
With nearly 2.7 million computer users affected by the attack on CCleaner, the actions of said hackers aren't going to be taken lightly. In fact, tech companies, along with Avast, the owner of the London-based maker of the optimization application, are aggressively focused on working with law enforcement to eventually reveal the hackers behind the attacks.
What has now come out of the ongoing investigation, after news spread of CCleaner getting hit with an attack, is that the unknown hackers were looking to do much more damage, homing in on a number of high-profile tech companies. The targeted companies, whose names Avast hasn't revealed, are based in Japan, Germany, the UK, and the US.
When asked if a state-level attacker was responsible for the malware attack, an Avast spokesperson said to Yahoo News, "We are not excluding any possibility. It is possible that this was the result of a State level attack or industrial espionage. However, rather than speculate, we are focused on working with law enforcement to identify the perpetrators and prevent any damage caused by a second stage payload."
The malware uncovered in the CCleaner attack was believed to be basic in its initial approach. However, it appears that there is a second stage payload of the malware found on Avast Piriform-owned servers. So far, the good news is that the second stage was not yet delivered, and thus Avast and other undisclosed tech companies may have been spared to some degree.
To add insult to injury, the investigation of the malware attack on CCleaner has revealed that the malware infected millions of companies from as early as August 15, 2017, and slowing on September 15, 2017. With a full month to essentially propagate and perform potential malicious activities, it is believed that the attack was much more than a seek-and-destroy mission aimed specifically at Avast's CCleaner. The hackers behind the attack were working in that time frame to scour other tech firms, which may include companies like Samsung, HTC, Sony, Civico, Intel, Microsoft, and even Google. While the list of targeted companies is speculation from researchers at Cisco Talos, who are currently analyzing the CCleaner malware, the details are slowly leaking out and may be confirmed at a later date.
Until we know for certain how, when, and who was on the targeted list for the hackers who attacked CCleaner, we won't have a full picture of what the hackers were attempting to accomplish. Until then, we can conclude that CCleaner wasn't their only objective and that the reach of the attack is probably much worse than we all thought.