Avast Confirms “Extremely Sophisticated” Hack

Antivirus specialist Avast has revealed that it has been targetted by a “highly sophisticated” cyberespionage campaign.

The Czech company confirmed the cyber attack in an announcement on Monday, but it said that there was minimal damage from the campaign.

It comes after privacy specialist NordVPN confirmed that it had been subjected to a cyber attack, after a third party data centre provider in Finland kept unsecured access to one of its servers.

CCleaner targetted

The announcement from Avast revealed that the Prague-based computer security firm’s internal network had been breached using a username and password for a temporary VPN account.

Avast itself hinted that the attacker was state-sponsored in its announcement, and that it collaborated with the Czech intelligence agency – Security Information Service (BIS) – and an external forensics team, on the matter.

“Global software companies are increasingly being targeted for disruptive attacks, cyber-espionage and even nation-state level sabotage, as evidenced by the many reports of data breaches and supply chain attacks over the last few years,” said the firm. At Avast, we constantly work hard to stay ahead of the bad guys and to fight off attacks on our users. It is therefore not so surprising that we ourselves could be a target.”

Avast on 23 September said that it had “identified suspicious behaviour on our network and instigated an immediate, extensive investigation.”

“The evidence we gathered pointed to activity on MS ATA/VPN on October 1, when we re-reviewed an MS ATA alert of a malicious replication of directory services from an internal IP that belonged to our VPN address range, which had originally been dismissed as a false positive,” it said. “The user, whose credentials were apparently compromised and associated with the IP, did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges.”

The IP address originated in the UK, and it noted that attacks had been ongoing since 14 May this year.

“Even though we believed that CCleaner was the likely target of a supply chain attack, as was the case in a 2017 CCleaner breach, we cast a wider net in our remediation actions,” Avast said.

“From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected,” the firm said. “We do not know if this was the same actor as before and it is likely we will never know for sure, so we have named this attempt ‘Abiss’.”

In 2017 it was revealed that popular utility CCleaner had been accessed by hackers and made to distribute malware during the month to mid-September that year.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

2 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

2 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

2 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

2 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

2 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

2 days ago