UPDATE: Avast Publishes Additional Information Regarding CCleaner Compromise
Avast has updated its blog to include additional information discovered during the investigation into the compromise of the Piriform infrastructure and, subsequently, the CCleaner and CCleaner Cloud binaries. Included in this information is a list of the companies impacted by the second-stage payload resulting from the initial malicious CCleaner update. Avast determined that 40 unique systems belonging to 12 technology companies received the second-stage payload and states that they have contacted all affected companies to provide them with detailed information, including impacted computers and indicators of compromise (IoCs), that can be used to mitigate the incident. If users have not already done so, the NJCCIC recommends updating to the latest version of the affected software as soon as possible. Additionally, we recommend administrators identify, isolate, and scan any computers that ran the compromised versions of CCleaner and CCleaner Cloud and consider wiping and restoring affected systems from backups that predate the installation. Lastly, review all event and security logs for anomalies and unauthorized access during the timeframe that infected systems were active on the network.