According to the Talos researchers, the information they got from their source included evidence that the attackers searched their database of compromised machines for PCs connected to those companies' networks. While the researchers didn't reveal which corporations got infected, they said 50 percent of the attackers' attempts at installing the secondary malware were successful. That doesn't mean 10 out of the 20 fell victim to the malware, though: some of the tech giants got infected twice, while others weren't affected at all.
Now that the team has discovered the malware's true nature, they don't think it was deployed simply to install keyloggers or ransomware on random people's computers. They believe it was created for industrial espionage, a way to steal valuable secrets from some of the world's biggest tech giants. They even found some code associated with the known hacking team called Group 72 or Axiom, which is believed to be a Chinese government operation. However, the researchers still can't say for certain whether this particular attack was perpetrated by Group 72.
Avast, the company that owns CCleaner, has confirmed the second payload's existence after an investigation by its own researchers. It advises the software's individual users to upgrade to the latest version and to use an anti-virus product. Corporate users will have to go further than that: since the malware might have targeted more than 20 companies, Cisco recommends restoring affected PCs from a backup made before the compromised CCleaner was installed.