The user of the temporary VPN did not have domain admin privileges. Avast said the temporary VPN account had “erroneously been kept enabled,” and did not require two-factor authentication – making it easier for hackers to compromise. The intruder was able to connect to a temporary VPN account, from a public IP address in the U.K., using a compromised username and password.
“In order to track the actor, we left open the temporary VPN profile, continuing to monitor and investigate all access going through the profile until we were ready to conduct remediation actions,” said Avast. However, after observing previous Microsoft Advanced Threats Analytics alerts, Avast found the attackers had attempted to access its network at least seven times in 2019, with attempts first starting May 2019. “We do not know if this was the same actor as before and it is likely we will never know for sure, so we have named this attempt ‘Abiss’.”Īvast was first alerted to the intrusion via an alert from Microsoft Advanced Threats Analytics (a Microsoft service that monitors for potential suspicious activity) on Sept. “From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected,” said Jaya Baloo, chief information security officer with Avast in a post on Monday. 25, was likely targeting its CCleaner business in a supply chain attack. CCleaner, which is software that fights infections in PCs, was previously infiltrated by attackers in 2017 and led to the compromise of 2.27 million people’s systems. Czech antivirus vendor Avast on Monday warned that hackers were able to access its internal network using a temporary VPN account.Īvast said that it believes that the intrusion, first detected on Sept.
0 kommentar(er)
