Avast says hackers breached internal network through compromised VPN profile
Anti-virus giant Avast suffered a security breach on September 23, the company admitted on Monday. A threat actor who had been targeting the company since May 14 of this year, got hold of the VPN credentials of a staff member and subsequently used these to compromise the account and escalate privileges in order to obtain admin rights on Avast’s internal infrastructure. The company believes that the hacker intended to insert malicious code into the popular CCleaner software.
The Czech company is investigating the intrusion together with local authorities. Avast CISO Jaya Baloo said the firm has taken precautions to ensure that “CCleaner users are protected and unaffected” by the incident.