Stunning revelations in CCleaner, August 17 probe

More and more stunning revelations seem to have surfaced as the thorough probe into the CCleaner, 17 has ended with a logical conclusion.

 The probe reveals the role of Axiom who, in fact, tried to allow a malware to spread which was why, around 2.27 million users were infected across the globe as they downloaded an infected CCleaner file in between mid August to mid September last year.

 What made the attack highly calculated one was the addition of a backdoor to the 32-bit CCleaner known as v5.33.6162 and CCleaner Cloud v1.07.3191.

The entire attack was believed to have taken place when the distribution servers of Piriform was compromised even after the same company developed CCleaner. This was what the investigators dealing with the incident say.

According to what the cyber security experts concluded on behalf of Piriform, the hackers deployed ShadowPad to help them gain access to the remote control facilities.

 Kaspersky, the Moscow based multi national cyber security agency already talked of ShadowPad backdoor in Netsarang’s products now at use in umpteen numbers of companies which include insurance, industrial, construction, manufacturing, retail, telecoms, pharmaceutical, and transportation, software, media, energy and electronics sectors.

Without spotting any tight evidence, the investigators at Avast found lots of grounds to believe that ShadowPad was installed and downloaded on the four Piriform computers.

 Axoim group, popularly known as known as APT17 or DeputyDog is said to have developed ShadowPad and as such the same group might have played a major role in the CCleaner attack.

The investigators further revealed the presence of ShadowPad log files with encrypted strokes at an active keylogger planted at an infected machines which gives them a huge clue to crack the attack.

 A custom-built ShadowPad used in the attack was made the investigators believe that the version was created only for Piriform.

Share this with Your friends: