The hacker group is assumed to be based out of China, and it’s also known by other names including Group 72, APT17, DeputyDog, etc. The existence of the malware in the CCleaner 5.33 executable was reported on Monday.
The similarities in the code were also spotted and mentioned in a report published by Cisco Talos – a threat intelligence group inside Cisco.
The researchers said a third party provided the details about the command and control center used by the malware. They found the names of around 20 tech firms, including Cisco, that the attackers wanted to target through the malware.
“Based on a review of the C2 tracking database, which only covers four days in September, we can confirm that at least 20 victim machines were served specialized secondary payloads,” the researchers write in the post.
There are many high-profile companies affected, including Cisco, Microsoft, Intel, Sony, Samsung, HTC, D-Link, VMware, etc. The researchers consider it possible that the attackers might be going after the valuable intellectual property possessed by these firms.
One countermeasure suggested to the affected users was to update to the latest version of CCleaner. But the researchers emphasize, at least in the case of big firms, that they should restore their systems from backup or reimage them to wipe out the malware completely.
Regarding the ties of the CCleaner malware with Axiom or Group 72, Cisco Talos found the similarities in the code, and they also analyzed the claims made by Kaspersky researchers. However, they have refrained from claiming that Group 72 is directly connected to the CCleaner malware.
If you have something to add, drop your thoughts and feedback.