Cybersecurity software maker Avast revealed Monday, Oct 21, that hackers were able to access its internal network using compromised credentials via a temporary VPN account.
In a blog post released by the company, Avast disclosed that it had detected a months-long network intrusion on September 23 after observing some suspicious behavior in the network. According to the post, the intrusion attempts were found to have started in May and lasted until October 2019.
The antivirus maker said it had immediately launched an extensive investigation into the security breach with the help of the Czech intelligence agency, the Security Information Service (BIS), and an external forensics team.
In the same post, Avast claimed that the attack was likely an attempt to tamper with the CCleaner application, a freeware system optimization, privacy, and cleaning tool originally developed for Microsoft Windows.
“The evidence we gathered pointed to activity on MS ATA/VPN on October 1, when we re-reviewed an MS ATA alert of a malicious replication of directory services from an internal IP that belonged to our VPN address range, which had originally been dismissed as a false positive,” the post read.
“The user, whose credentials were apparently compromised and associated with the IP, did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges. The connection was made from a public IP hosted out of the UK and we determined the attacker also used other endpoints through the same VPN provider,” it added.
Avast said it had left the temporary VPN profile open in an attempt to track the actor and monitor all access going through the profile. Later, in September, it took down CCleaner downloads to check whether they had been injected with any malware.
In addition, the company said it had re-signed a clean update of the product, distributed it via automatic update, and invalidated the certificates used to sign previous versions of the software.
“Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected,” the company wrote.
Acquired by Avast in 2017, CCleaner is a freeware cleaner app that offers a variety of services. Its other features include automatic cleaning, automatic privacy protection, and automatic updates.
To date, Avast claims that the app has been downloaded more than 2.5 billion times and has 435 million users across 68 countries.