Last Monday, news of the CCleaner malware attack made headlines after threat analysts from Cisco Talos found a security breach on the server that handles the download of CCleaner Version 5.33. Apparently, the breach enabled the unknown group of hackers to replace the legitimate program with a trojanized copy of the installer. At that time, the researchers assured everyone that no second-stage malware had been used in the massive attack and that affected users, around 2.3 million worldwide, could simply update their downloaded V5.33 to V5.34 or higher to get rid of the malicious program.

A few days after uncovering the CCleaner malware attack, researchers found that some high-profile technology companies were the main targets of the attackers.

A thorough analysis of the alleged hackers’ command-and-control (C2) server, to which the CCleaner malware connected, gave researchers from Talos enough evidence of a second payload that was only delivered to a particular set of computers, selected by their local domain names.

In a recent report released by Cisco Talos, the researchers said:

“During our investigation we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about the legitimacy of the files. However, we were able to quickly verify that the files were very likely genuine based upon the web server configuration files and the fact that our research activity was reflected in the contents of the MySQL database included in the archived files.”

CCleaner Malware Attack: The High-Profile Targets

According to the analysts from Talos, during their investigation they were provided with an archive containing files that had been stored on the CCleaner malware attack C2 server. Upon checking, the files were judged very likely genuine based upon the web server configuration files. The archive also reflected Cisco’s own research activity in the contents of the included MySQL database.

“In analyzing the delivery code from the C2 server, what immediately stands out is a list of organizations, including Cisco, that were specifically targeted through delivery of a second-stage loader.”