UPDATED 22:31 EST / SEPTEMBER 21 2017


Hacked CCleaner software targeted tech companies in possible state-sponsored attack

The compromise of the popular free system-cleaning utility CCleaner, disclosed earlier this week, has taken a more serious turn: security researchers have found that the attack singled out major technology companies and may have been state-sponsored.

The targeting happened in a second stage. After the initial infection, the backdoored installer checked in with the attackers' command-and-control server, which served a second-stage loader only to a selected set of victims at about 20 technology firms, including Google Inc., Microsoft Corp., Samsung Electronics Co. Ltd., Sony Corp., Intel Corp. and Cisco Systems Inc.

“A fairly sophisticated attacker designed a system which appears to specifically target technology companies by using a supply chain attack to compromise a vast number of victims, persistently, in hopes to land some payloads on computers at very specific target networks,” Cisco Talos researchers said in a blog post.

The researchers went further, suggesting that the code used by the attackers points to China. They said the malware specifies use of China’s time zone and shares code with tools associated with a Chinese hacking group tracked as “Group 72.” Neither indicator is conclusive on its own: the same time zone also covers parts of Russia and much of Southeast Asia, and a time-zone setting is trivial for an attacker to choose deliberately.

“These new findings raise our level of concern about these events, as elements of our research point towards a possible unknown, sophisticated actor,” the researchers noted, before adding that while a new, uninfected version of CCleaner is available, a simple update to the software may not be enough.

“These findings also support and reinforce our previous recommendation that those impacted by this supply chain attack should not simply remove the affected version of CCleaner or update to the latest version,” they said. Instead, victims should “restore from backups or reimage systems to ensure that they completely remove not only the backdoored version of CCleaner but also any other malware that may be resident on the system.”

