Czech-based Avast and the Czech counterintelligence service BIS said on Monday they had detected a network attack on the cyber-security company, which the BIS suspected of originating in China.
Avast said in a blog post that it found suspicious behaviour on its network on Sept. 23 and opened an investigation involving the BIS and Czech police along with an external forensics team.
The BIS said in a statement that, with contributions from foreign partners, it detected a threat to products of Avast, a company founded in the Czech Republic.
“Everything from data analysis so far suggests that the attack came from China, with the intention to take control of the popular optimisation tool CCleaner, and through that also users’ computers,” BIS said in a statement.
Avast, however, said it did not know who was behind the attack.
Chief Information Security Officer Jaya Baloo said the intruder, using compromised credentials through a temporary VPN profile, had successfully accessed its network. There were several attempts between May 14 and Oct. 4, Baloo said.
Avast said it kept the VPN profile open to track the cyber intruder. It said the attack was likely aimed at the CCleaner software, used to clean up junk programmes to speed up devices, as was a previous case in 2017.
The company said it had verified that no malicious alterations were made to previous releases of the software and it halted new updates. It pushed a clean update of the product to users on Oct. 15 and revoked a previous certificate.
“Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected,” Avast said.
“It is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected.”