CCleaner and TR/RedCap.zioqa, you wanted a Top Drawer conspiracy and Whodunit ?

techcrunch.com...

Malware that piggybacked on CCleaner, a popular free software tool for optimizing system performance on PCs, appears to have specifically targeted high profile technology companies and may have been an attempt to harvest IP — perhaps for commercial or state-level espionage.
....
They sum up their analysis as follows: “[A] fairly sophisticated attacker designed a system which appears to specifically target technology companies by using a supply chain attack to compromise a vast number of victims, persistently, in hopes to land some payloads on computers at very specific target networks.”

In its assessment of the second stage payload — i.e. the bit intended for the select tech targets — Avast describes the malware as a “relatively complex piece of code”, noting it is “heavily obfuscated and uses a number of anti-debugging and anti-emulation tricks”.

Please read about a second attack....seems to be Much More to it.
And since I don't believe in coincidences....I find it suspicious this happened so soon after the Avast purchase.

a reply to: DontTreadOnMe

First, outstanding Update DTOM.

I haven't got back on this yet for today. I've been going over the Wikileaks dump on the Russian NSA since 05:30.

I'm surprised this has came out this quick. The peak in targeted attacks occurred on or around the 25th of August.
Someone green-lighted the release of everything. Talk about blowing a covert OP Hehe.

Ahh, the cleansing power of exposure

This explains the need for the system profiles of single users, as they were to be used as proxies in the secondary payload deliverers.

Great find !!

Buck

a reply to: flatbush71

Thanks.

I couldn't figure what the purpose was for collecting that data....WTF were they looking for....so I did a google search for the last 24 hours....and viola!

originally posted by: SR1TX
a reply to: mOjOm

That's the dumbest thing I have ever heard and it will never have a real world application for taking down targets.

You need to first hack the actual PC you want (Near Impossible) then..

Ugh..Just..no.

I think you lack imagination . Whether or not it can actually be applied doesn't take away from the creativity of how it works. Using temp fluctuations to send code to a computer is pretty damn creative approach IMO.

more news.....and a group claiming responsibility
CCleaner hack: Chinese hacker group Axiom may have carried out attack to target major tech giants

However, further analysis into the incident has revealed that the attack could have been carried out by a Chinese hacker group called Axiom, also known as APT17, DeputyDog, Group 72, Tailgater Team, Hidden Lynx or AuroraPanda.

www.helpnetsecurity.com...

An overlap of code used in these malware samples and malware previously used by Group 72 (aka Axiom), a long standing threat actor that has been known to target high profile organizations with high value intellectual property in the manufacturing, industrial, aerospace, defense, and media sectors in the US, Japan, Taiwan, and Korea. It is believed that Group 72 is a state sponsored actor backed by the Chinese government.

This was a very high tech attempt.

From what I see it looks like there was only 20 machines that received the secondary payload.

The OP is blown, their tech, methods and procedures are now public domain.

Game over !

You guys are like Shake & Bake, you helped.

Buck