Worth reading as many orgs have these kind of issues. Somebody basically cloned their Active Directory and had access from at least May. Incredible transparency from AVAST (antivirus vendor) here. security researcher Kevin Beaumont, who tweeted that other organizations can learn from the situation. We do not know if this was the same actor as before and it is likely we will never know for sure, so we have named this attempt 'Abiss'.”Īvast’s detailed description of the latest incident drew praise, including from U.K. Writing about the latest attack, Jaya Baloo, Avast’s CISO, notes: “From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected. This type of manipulation is often referred to as a supply chain attack, allowing an intruder to piggyback on a widely installed program that most believe is safe.
The previous attack in 2017 created a trojanized version of CCleaner to deliver a backdoor that targeted big name companies such as Akamai, D-Link Google, HTC, Intel, Linksys, Microsoft, Samsung, Sony, VMware and Cisco (see: Trojanized Avast CCleaner Attack Targeted Major Tech Firms).
See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defenseįor the second time in two years, the company says it believes CCleaner was the intended targeted of a carefully plotted intrusion executed between May and October. Avast’s CCleaner utility is popular – with attackers.
0 kommentar(er)
