CCleaner Malware Attack Was Aimed At Critical Internet Infrastructure Vendors Like Google And Cisco

Researchers are still working their way through the hack that resulted in the very popular CCleaner security app being used as a host for malware. Many initially thought the attack had caused minimal harm to the infected computer systems, but it now looks like there was a secondary attack that may be more nefarious.

According to the researchers, the hackers were able to piggyback on that initial malware wave and install a second piece of malicious software on computers in daily use at some of the biggest tech firms around the world.

The real target of this attack is now thought to have been major tech firms like Microsoft, Google, Samsung, Sony, Intel and others, according to the Talos threat intelligence team from Cisco. Ironically, Cisco was on that list of major tech firms that the hackers now appear to have been actually aiming for. The big takeaway here is that many of the companies believed to be targets are companies that help make the internet work. Let that sink in for a bit: the CCleaner hack could be much more serious than originally thought.

When the attack was first announced on Monday, the Talos team said that it seemed as if the attackers didn't use the malware installed by CCleaner to do any damage. Talos is now saying that the initial infection was actually just the first stage of the more sinister plan. The initial attack basically opened a backdoor into the infected computer systems.

Once valuable computers running at these major tech firms were identified, a much more malicious bit of software was installed on those computers. It's still unclear exactly what the hackers planned to do with this second piece of software installed on these valuable machines. Avast, which owns the company that produces CCleaner, says that it knows for certain that 18 computers at eight different organizations were infected with a second wave of malicious software. Avast thinks that the total number of valuable computers at major tech firms potentially infected with this second and more malicious software is at least in the hundreds.

Avast is mum on which companies actually have these infected computer systems. The major tech firms are staying mum as well, with none of them stepping forward to admit they were hacked with the second round of more malicious software. If the goal of the hackers was to worm their way deeper into the hardware that runs the internet for a third and even more nefarious stage of attack, these are certainly the companies they would want a foothold in.


Via:  Talos