Threat actors breached the network of cybersecurity company Avast in a sophisticated cyber operation, referred to as “Abiss,” that likely attempted to poison the supply chain and target its anti-virus software, CCleaner.
According to a press release by the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) , the intruder made several attempts to gain access since May 14, 2019, using compromised credentials for a temporary VPN profile that was not protected with multi-factor authentication (MFA) Logs verified that the attacker achieved privilege escalation and had multiple sets of user credentials.