Czech-based Avast and the Czech counterintelligence service BIS detected a network attack on the cyber-security company, an attack the BIS suspected originated in China.
Avast said in a blog post it found suspicious behaviour on its network on September 23 and opened an investigation involving the BIS and Czech police with an external forensics team.
The BIS said in a statement that, with contributions from foreign partners, it detected a threat to products of Avast, a company founded in the Czech Republic.
“Data analysis so far suggests the attack came from China, with the intention to take control of optimization tool CCleaner and through that users’ computers,” BIS said in a statement.
Avast said it did not know who was behind the attack.
Chief Information Security Officer Jaya Baloo said the intruder, using compromised credentials through a temporary VPN profile, successfully accessed its network. There were several attempts between May and October, Baloo said.
Avast kept the VPN profile open to track the cyber intruder. It said the attack was likely aimed at CCleaner software, which is used to clean up junk programmes to speed up devices, as in a previous case in 2017.
The company verified no malicious alterations were made to previous releases of the software and it halted new updates. It pushed a clean update of the product to users on October 15 and revoked a previous certificate.
“Having taken all these precautions, we are confident our CCleaner users are protected and unaffected,” Avast said.
“It is clear this was a sophisticated attempt against us with the intention of leaving no traces of the intruder or their purpose and the actor was progressing with exceptional caution not to be detected.”