CCleaner malware targeted Google, Microsoft, and Samsung internal networks

CCleaner, a Windows utility app, was recently found to be carrying malware through a backdoor. The attack seems to have been much more targeted and sophisticated than previously depicted. Researchers have been digging through data from the seized command-and-control server and have found a lot of evidence that the attackers were using this method to target the world’s biggest tech companies.

New information posted by Avast and Cisco’s Talos research group, first reported by Wired, gives us more details. When the server was seized, the attackers were targeting a string of internal domains with a second-stage payload. This payload was designed to collect data and provide continued access to any infected device.

The list of domains published by Talos gives us insight into which major tech companies were targeted. For example, “Ntdev.corp.microsoft.com” is an internal domain for Windows developers. Then there’s hq.gmail.com, which appears to be the internal Gmail access point for Google employees. Other companies include Samsung, Sony, Intel, and Akamai.

It’s unclear how compromised some of these companies are. Talos said that at least 20 computers were targeted by the payload, but researchers did not disclose which companies were involved. Kaspersky researchers have found significant code overlap between the CCleaner attack and previous attacks by the Axiom threat group.

We will continue to keep you updated as more information comes in.

Hamza Khalid
