Wednesday, April 18, 2018

Infosec quotes - CCleaner timeline

Oh boy the CCleaner breach timeline is good.
- Attackers used reused creds to access dev's TeamViewer account
- Installed malware on his device
- Pivoted to second machine using RDP protocol
- Dropped second stage
- Third stage is ShadowPad
- Pivot from here to build server
- Infiltrate other network devices with keylogger usage and RDP
- Backdoored version of CCleaner released including Stages 1-3
- 1st stage malware infected 2.3 million
- 2nd stage infected 40 companies
- No evidence if third stage ShadowPad was successfully deployed

