According to researchers from Kaspersky Lab, the malware injected into CCleaner shares code with hacking tools used by a sophisticated Chinese threat group known as Axiom, also tracked as APT17, Group 72, DeputyDog, Tailgater Team, Hidden Lynx and AuroraPanda. “The malware injected into CCleaner has shared code with several tools used by one of the APT groups from the Axiom APT ‘umbrella’,” tweeted the director of Kaspersky Lab's Global Research and Analysis Team. Cisco researchers also note that one configuration file on the attackers' server was set to China's time zone, which suggests China could be the source of the CCleaner attack. Neither indicator is conclusive on its own, however: code overlap can arise when tooling is shared, sold or leaked between groups, and a time-zone setting in a configuration file is trivially chosen by the operator, so this evidence alone is not enough for attribution.