
CCleaner Hackers Targeted Top Tech Firms' Trade Secrets

The hackers specifically targeted at least 20 high-profile tech firms, which were 'served specialized secondary [Stage 2] payloads,' according to Cisco Talos researchers.

Angela Moscaritolo, Managing Editor, Consumer Electronics


Researchers believe the hackers behind the recently disclosed CCleaner malware attack weren't just aiming to infect as many machines as possible — they were after the trade secrets of high-profile tech firms.

On Wednesday, researchers at Cisco's Talos security division said that more than 700,000 machines were infected as part of the CCleaner attack. The hackers used information collected from those machines to identify at least 20 high-profile tech firms — including Cisco itself — which were "served specialized secondary [Stage 2] payloads."

"This would suggest a very focused actor after valuable intellectual property," Cisco researchers wrote.

Besides Cisco, the list of targeted companies includes Google, Intel, Microsoft, Samsung, Sony, HTC, and Linksys, as well as Dell-owned cloud computing software firm VMware, cloud services provider Akamai, British telecom company Vodafone, Taiwanese networking equipment maker D-Link, and Singapore-based mobile network operator Singtel. Talos researchers have reached out to the affected companies and alerted them of a possible compromise.

"These new findings raise our level of concern about these events, as elements of our research point towards a possible unknown, sophisticated actor," the researchers wrote.

During the compromise, the malware would "periodically contact" the attackers' command and control server and "transmit reconnaissance information about infected systems" including IP addresses, online times, hostnames, domain names, process listings, and more, the researchers wrote.

"It's quite likely this information was used by the attackers to determine which machines they should target during the final stages of the campaign," they added. "When combined, this information would be everything an attacker would need to launch a later stage payload that the attacker could verify to be undetectable and stable on a given system."

Updated versions of CCleaner and CCleaner Cloud have been released; users of the former should download CCleaner version 5.34 if they've not already done so, while CCleaner Cloud customers should have already received the update to 1.07.3214.

But Talos researchers said that removing the affected version of CCleaner or updating to the latest version isn't enough to protect Stage 2 victims against this threat. Affected firms should "restore from backups or reimage systems to ensure that they completely remove not only the backdoored version of CCleaner but also any other malware that may be resident on the system."
