Threat actors breached the network of cybersecurity company Avast in a sophisticated cyber operation, referred to as “Abiss,” that likely attempted to poison the supply chain and target its anti-virus software, CCleaner.
According to a press release by the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) , the intruder made several attempts to gain access since May 14, 2019, using compromised credentials for a temporary VPN profile that was not protected with multi-factor authentication (MFA) Logs verified that the attacker achieved privilege escalation and had multiple sets of user credentials.
"In response to concerns that the attacker may have tampered with previous updates, CCleaner automatically updated users’ software on builds released after the initial intrusion attempt, closed the temporary VPN profile and disabled and reset all internal user credentials," says NJCCIC.