Czech cybersecurity company Avast was hacked by an outside actor suspected to have ties to China.
Reuters is reporting that both Czech counterintelligence service BIS and Avast detected an attack on the company. Avast said it first found suspicious activity on its network on Sept. 23. The company involved the BIS as well as Czech law enforcement authorities, including a forensics team.
“Everything from data analysis so far suggests that the attack came from China, with the intention to take control of the popular optimization tool CCleaner, and through that also users’ computers,” BIS said in a statement.
Avast Chief Information Security Officer Jaya Baloo said the intruder gained access using someone’s credentials and a VPN to log in. The intruder attempted to get access many different times between May 14 and Oct. 4.
Avast wanted to catch the intruder so it kept the profile with the VPN open. The attack was indeed targeted at Avast’s CCleaner software, which helps to clean up junk to make devices run faster. The company was previously hacked in 2017, when an attack on its supply chain affected more than 2 million computers. Avast said it has 400 million customers around the globe using its products.
Avast said it responded to the hack by making sure than nothing was changed in the code of previous releases, and that it stopped new updates until it could push out a clean one on Oct. 15. The company also took back a previous certificate.
“Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected,” Avast said. “It is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected.”