The cyberespionage campaign may trace back to Axiom: the malware used in the attack is reportedly similar to one the hacker group used in the past
CCleaner is one of the most widely used programs for optimizing device performance. In recent weeks, a modified version of the software was discovered that contained Floxif, a dangerous piece of malware. We now know that the attack was aimed at large IT companies.
Let’s try to reconstruct what happened. According to what some researchers have revealed, an altered edition of CCleaner was distributed online between August and September and was discovered only a few days ago. Into the infected program the hackers had inserted Floxif, an invasive malware variant capable above all of collecting information about the affected machines, and with write capabilities as well. The data accumulated by the spyware was then transferred to a server controlled by the hackers. In the last few hours, further details have emerged that shed light on both the malware’s authors and their real targets. According to the experts, there are similarities between the code of Floxif and that of Missl, a trojan linked to the hacker group Axiom.
The attack
The researchers may therefore have identified the perpetrators, although there is no certainty yet, only very strong clues. As we have seen, the modified version of CCleaner allowed the hackers to accumulate a great deal of sensitive data, including, for example, the MAC address and computer name, together with a record of the programs installed on the machine and the active processes. The spyware was also capable of assigning an identification number to each compromised device. It was further discovered that Floxif allowed the cyber criminals to execute a second-stage malware on about 20 computers.
The affected companies
On the servers analyzed by the experts, two lists were found: one containing 700,000 computers and the other exactly 20. The first list contains the PCs affected by the first version of the malware, while the second contains those infected by the additional virus, which is capable of harvesting further information and executing other malware.
Many hi-tech companies appear on the lists, including Google, Microsoft, Samsung, Sony, HTC, Epson, Intel and Vodafone. The technique used by the hackers is very dangerous because, according to the experts, it could allow the perpetrators to breach many organizations and collect large amounts of confidential data.