CCleaner Malware Attacks Tech Titans

This week, the Alert Logic team highlights an IT contractor found guilty of infecting US Army servers and the CCleaner malware that targeted tech titans.

Malware

CCleaner Malware Attacks Tech Titans

Hackers who broke into as many as 2.27 million accounts of a computer cleaning program were targeting top tech companies. Targeted organizations included Microsoft, Google, HTC, Sony, Samsung, D-Link, Akamai, VMware, Linksys, and Cisco.

In the breach reported on September 19, researchers found that the hackers had hidden malware in Avast CCleaner, which cleans cookies and junk programs from PCs and Android phones to make them run faster. That malware then sent information back to the hackers about the compromised computers, including their internet address and who had access to them. The hackers also deployed a second piece of malware that collected data and provided persistent access.

References: CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft | Hackers Behind CCleaner Compromise were After Intel, Microsoft, Cisco | CCleaner Supply Chain Malware Targeted Tech Giants

Mitigation Strategies:

Data Breach

IT Contractor Guilty of Infecting US Army Servers

An IT contractor is facing a possible decade behind bars for planting a destructive piece of code, also referred to as a “logic bomb”, in a U.S. Army computer program. After a three-day trial, Mittesh Das was found guilty by a jury of knowingly transmitting malicious code with the intent of causing damage to an Army computer used in the furtherance of national security.

Specifically, Das deliberately introduced malware designed to delete files and disable services into the U.S. Army Reserve payroll systems after his employer lost the contract to provide the technology. The military estimates it cost $2.6m to repair the damage.

References: IT Plonker Stuffed 'Destructive' Logic Bomb into US Army Servers in Contract Revenge Attack | Man Found Guilty for Placing "Logic Bomb" on US Army Database | Defence Contractor Guilty of Planting ‘Logic Bomb’ in US Army Computer Network

Mitigation Strategies:

This Week's Suspicious IP Addresses

40.71.173.191
194.88.105.76
186.2.161.36
6188.225.83.200
50.115.166.137
45.55.189.241

*IP addresses provided by Recorded Future.
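As an added example (not part of the Alert Logic digest), the script below shows one way a defender would consume a published IP watchlist like the one above: validate each entry with Python's standard `ipaddress` module so that a malformed indicator is reported instead of silently never matching, then scan web-server access log lines for the valid addresses. The indicator list is copied exactly as printed above; the log lines are constructed sample data, not real traffic.

```python
"""Validate a published IP watchlist and match it against access log lines.

Added example for this digest, not vendor code. The indicator list is the
one printed above (reproduced verbatim, including the entry that is not a
valid IPv4 address as printed); the log lines are constructed samples.
"""
import ipaddress
import re

# Indicators exactly as published in the digest.
SUSPICIOUS_IPS_RAW = [
    "40.71.173.191",
    "194.88.105.76",
    "186.2.161.36",
    "6188.225.83.200",
    "50.115.166.137",
    "45.55.189.241",
]

# Constructed sample access log lines (common log format); not real traffic.
SAMPLE_LOGS = [
    '10.0.0.5 - - [21/Sep/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 612',
    '194.88.105.76 - - [21/Sep/2017:10:00:07 +0000] "POST /login HTTP/1.1" 401 0',
    '45.55.189.241 - - [21/Sep/2017:10:01:13 +0000] "GET /.env HTTP/1.1" 404 0',
    '192.168.1.20 - - [21/Sep/2017:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

# Dotted-quad candidates anywhere in a line; validity is checked separately.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def load_indicators(raw_entries):
    """Return (valid_ips, rejected_entries).

    Each entry is parsed with ipaddress.ip_address(); anything that is not a
    well-formed address is collected in rejected_entries so the analyst can
    correct the feed rather than have it silently never match.
    """
    valid, rejected = set(), []
    for entry in raw_entries:
        try:
            valid.add(str(ipaddress.ip_address(entry.strip())))
        except ValueError:
            rejected.append(entry)
    return valid, rejected


def scan_logs(lines, indicators):
    """Return [(line_number, matched_ip, line)] for lines containing an indicator."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for candidate in IP_RE.findall(line):
            if candidate in indicators:
                hits.append((number, candidate, line))
    return hits


if __name__ == "__main__":
    valid_ips, rejected = load_indicators(SUSPICIOUS_IPS_RAW)
    for bad in rejected:
        print(f"WARNING: rejected malformed indicator: {bad!r}")
    for number, ip, line in scan_logs(SAMPLE_LOGS, valid_ips):
        print(f"line {number}: hit on {ip}: {line}")
```

Run against the constructed sample, the script flags the malformed watchlist entry and reports two matching log lines. Swap `SAMPLE_LOGS` for the lines of a real access log (for example `open(path).read().splitlines()`) to use it on actual data.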