CCleaner Malware Are Targeted 20 Tech Company Including Cisco, Intel, Microsoft, Samsung And More

CCleaner Malware Are Targeted 20 Tech Company

In a tweet made by Kaspersky Lab’s Costin Raiu on Tuesday, he said that the malware stuffed inside CCleaner v5.33 shared code with the Missl backdoor trojan used by a hacker group called Axiom.





The hacker group is assumed to be based out of China, and it’s also known by other names including Group 72, APT17, DeputyDog, etc. The existence of the malware in the CCleaner 5.33 executable was reported on Monday.

The similarities in the code were also spotted and mentioned in a report published by Cisco Talos – a threat intelligence group inside Cisco.


The researchers said a third party provided the details about the command and control center used by malware. They found the names of around 20 tech firms, including Cisco, whom attackers wanted to exploit through the malware.


“Based on a review of the C2 tracking database, which only covers four days in September, we can confirm that at least 20 victim machines were served specialized secondary payloads,” the researchers write in the post.


ccleaner malware cisco talos
List of domains the attackers were attempting to target. Image: Cisco Talos
There are many high-profile companies affected, including Cisco, Microsoft, Intel, Sony, Samsung, HTC, DLink, VMWare, etc. The researchers assume a possibility that the attackers might be running after the valuable intellectual property possed by these firms.





Regarding the ties of CCleaner malware with Axiom or Group 72, the Cisco Talos found the similarities in the code, and they also analyzed the claims made by Kaspersky researchers. However, they have prevented themselves from claiming that Group 72 is directly connected the CCleaner malware.