Breaking News

GEEKOM to Unveil World's Most Powerful AI Mini PC at IFA 2025 Dolby Unveils Dolby Vision 2 Samsung Launches All-New Sound Tower at IFA 2025 LG Display 4th-Generation OLED Panel obtains industry’s first Perfect Reproduction Verification Viltrox launches AF 56mm Ultra-large aperture F1.2 Pro E and XF (APS-C) lenses

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Hackers Stole Avast's Passwords

Hackers Stole Avast's Passwords

Enterprise & IT Oct 21,2019 0

Avast has suffered a breach of its internal IT networkalthough it says the damage is limited.

On September 23, the company identified suspicious behavior on its network. Inverstigation included collaborating with the Czech intelligence agency, Security Information Service (BIS), the local Czech police force cybersecurity division, and an external forensics team.

The evidence gathered pointed to activity on MS ATA/VPN on October 1, when the company re-reviewed an MS ATA alert of a malicious replication of directory services from an internal IP that belonged to our VPN address range, which had originally been dismissed as a false positive. The user, whose credentials were apparently compromised and associated with the IP, did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges. The connection was made from a public IP hosted out of the UK and Avast determined the attacker also used other endpoints through the same VPN provider.

When analyzing the external IPs, the web security firm found that the actor had been attempting to gain access to the network through our VPN as early as May 14 of this year.

After further analysis, Avast found that the internal network was successfully accessed with compromised credentials through a temporary VPN profile that had erroneously been kept enabled and did not require 2FA.

On Oct 4, Avast observed this activity again.

The logs further showed that the temporary profile had been used by multiple sets of user credentials, leading Avast to believe that they were subject to credential theft.

In order to track the actor, Avast left open the temporary VPN profile, continuing to monitor and investigate all access going through the profile until the company was ready to conduct remediation actions.

In parallel with monitoring and investigation, Avast says it carried out proactive measures to protect its end users and ensure the integrity of both its product build environment as well as the company's release process.

Even though Avast believed that CCleaner was the likely target of a supply chain attack, as was the case in a 2017 CCleaner breach, the company cast a wider net in its remediation actions.

On September 25, Avast halted upcoming CCleaner releases and began checking prior CCleaner releases and verified that no malicious alterations had been made. As two further preventative measures, the company first re-signed a clean update of the product, pushed it out to users via an automatic update on October 15, and second, revoked the previous certificate. "Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected," Avast said.

At that moment, Avast closed the temporary VPN profile. At the same time, the company disabled and reset all internal user credentials. Simultaneously, effective immediately, Avast has implemented additional scrutiny to all releases.

"From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected. We do not know if this was the same actor as before and it is likely we will never know for sure, so we have named this attempt 'Abiss'," Avast said.

Despite the breach, Avast's business continues to grow. The Prague-based business was co-founded by billionaire Pavel Baudis and is listed on the London Stock Exchange. Shares are at an all time high giving the group a $5 billion market cap.

Tags: HackingcybercrimeAVAST
Previous Post
EU Data Watchdog Concerned Over Microsoft 's Contracts With EU Institutions
Next Post
Rocket Lab to Deliver Payloads to the Moon by 2020 Using The New Photon Spacecraft

Related Posts

  • MSI has been hacked, be warned about where you download files

  • Hackers gain access to PS5 Debug Menu and show decrypted PS5 firmware files

  • HP Threat Research Shows Attackers Exploiting Zero‐Day Vulnerability Before Enterprises Can Patch

  • EA Gets hacked - 780GB of data and sourcecode stolen

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Microsoft Offers You $100,000 If You Can Hack the Linux-based Azure Sphere

  • GoDaddy Discloses Data Breach

  • Zoom Users' Data have Been on Sale on Dark Web: report

Latest News

GEEKOM to Unveil World's Most Powerful AI Mini PC at IFA 2025
Enterprise & IT

GEEKOM to Unveil World's Most Powerful AI Mini PC at IFA 2025

Dolby Unveils Dolby Vision 2
Consumer Electronics

Dolby Unveils Dolby Vision 2

Samsung Launches All-New Sound Tower at IFA 2025
Consumer Electronics

Samsung Launches All-New Sound Tower at IFA 2025

LG Display 4th-Generation OLED Panel obtains industry’s first Perfect Reproduction Verification
Enterprise & IT

LG Display 4th-Generation OLED Panel obtains industry’s first Perfect Reproduction Verification

Viltrox launches AF 56mm Ultra-large aperture F1.2 Pro E and XF (APS-C) lenses
Cameras

Viltrox launches AF 56mm Ultra-large aperture F1.2 Pro E and XF (APS-C) lenses

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Pure Base 501

be quiet! Pure Base 501

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed