According to the research conducted by Cisco Systems that was released on Wednesday, the hackers who penetrated Piriform in August, had also tried to infect systems at Intel, Microsoft and other top tech companies.
This suggest that the hack was far more dangerous than was previously estimated.
Having breached Piriform’s systems, hackers were able to infect the company’s widely used utility, Ccleaner, said Prague-based Avast Software.
In a blog post this week, Piriform and its parent Avast had said no damage had been detected so far, although more than 2 million people had installed infected versions of its utility – Ccleaner.
Even though the infected versions allowed the hackers remote communications, Avast said no alarm was warranted since it had cooperated with researchers and law enforcement agencies and had taken control of the command sites, early in the attack.
Despite, researches at Cisco said, as per a control server that was seized by U.S. law enforcement, hackers had installed additional malicious software on at least 20 other computers.
It is yet unclear these computers are housed in which company. The list of networks that hackers had gone after include Cisco, Sony, Samsung and Akamai.
“It’s like the bad guys cast a net and caught all the fish, but only wanted to infect the machines that were most interesting,” said researcher Craig Williams of Cisco’s Talos unit.
As per Williams, the hackers could have used CC CCleaner installations to steal technology secrets from companies.
The more troubling news is that the hackers may have been looking to plant malware into those companies’ products, which are typically used by high-value targets in government and business around the world.
As per Ondrej Vlcek, Avast’s Chief Technology Officer, “a very small minority of the endpoints” had received subsequent infections. Avast has been contacting the affected firms quietly.
“We don’t believe in going public with any of this stuff while investigation is still ongoing,” he said. “We know that this is also the preference of the law enforcement personnel.”
Computer security companies, including Cisco, Kaspersky Lab, and others have said the hacking attack had reused code that was previously seen in hacks connected to Chinese authorities.
Since the code could have been stolen, researchers are yet to identify the country from which the hackers originated.
Source:
: