“...
Oh boy, the CCleaner breach timeline is good.
- Attackers used reused creds to access a dev's TeamViewer account
- Installed malware on his device
- Pivoted to a second machine using the RDP protocol
- Dropped second stage
- Third stage is ShadowPad
- Pivot from here to build server
- Infiltrate other network devices with keylogger usage and RDP
- Backdoored version of CCleaner released including stages 1-3
- 1st stage malware infected 2.3 million
- 2nd stage infected 40 companies
- No evidence whether third stage ShadowPad was successfully deployed
...”
https://twitter.com/infosecxual/status/986536172754219008?s=21