TeamViewer hacked news

1/7/2023

In the latest Avast update, chief technology officer Ondřej Vlček said the attackers had used a single sign-in which meant they were in possession of the credentials. "While we don’t know how the attackers got their hands on the credentials, we can only speculate that the threat actors used credentials the Piriform workstation user utilised for another service, which may have been leaked, to access the TeamViewer account," Vlček said.

Up to 2.27 million CCleaner consumers and businesses downloaded the compromised product. The attackers then installed the malicious second stage on just 40 PCs operated by high-tech and telecommunications companies. "We don’t have proof that a possible third stage with ShadowPad was distributed via CCleaner to any of the 40 PCs," he said.

As per the logs, TeamViewer was accessed at 5am local time when the workstation in question was running, but unattended. "The attackers tried to install two malicious dlls (dynamic link libraries). However, the attempts were unsuccessful due to lack of admin rights to the system. On the third try, the attackers succeeded in dropping the payload, using VBScript, the scripting language developed by Microsoft," Vlček added.

The following day, 12 March, the attackers had made a lateral move to another PC, again making the attempt outside working hours, this time at 4am. "The attackers opened a backdoor through Microsoft’s Remote Desktop Service, delivering a binary and payload to the computer’s registry. A couple of days later, the attackers infected the first computer with the older version of the second stage malware. The payload delivered was an older version of the second stage malware, which was delivered to 40 CCleaner users," he said.

It took several weeks for the next stage of the payload to be delivered. Vlček claimed the attackers had been inside the Piriform network for five months before they managed to compromise the CCleaner build.