UPDATED 22:54 EDT / OCTOBER 21 2019

SECURITY

Cybersecurity company Avast hacked via employee virtual private network

Czech cybersecurity firm Avast Software s.r.o., the owner of popular antivirus software provider AVG Technologies N.V., has been hacked, but the company managed to fight off the attack.

Those behind the hack gained access by compromising an employee’s virtual private network credentials that were not protected using two-factor authentication. Having gained access, the hacker eventually managed to obtain domain administrator privileges and attempted to insert malware onto Avast’s network.

The attack was first detected Sept. 23, when the hacker gaining domain admin privileges triggered an internal system alert, though Avast noted that the hacker had been trying to gain access since May 14.

The hacker was traced back to a public IP address in the U.K. The hacker was specifically targeting Avast’s CCleaner software with malware that allowed those behind it to spy on users. CCleaner was previously hacked in 2017 in what is believed to have been a state-sponsored attack targeting tech companies.

In a surprising twist, having already detected the hacker in its network, Avast let the hacker attempt to proceed for weeks, locking down potential targets in the meantime both to study the hacker and to try to locate the person or group behind the hack.

Software being hacked is normal, but Avast’s game of cat-and-mouse with the hacker was unusual. Avast stopped issuing updates for CCleaner Sept. 25 to be sure that none of its updates were compromised while checking previous releases for compromise as well.

Fast forward to Oct. 15 and Avast started pushing out CCleaner updates with a re-signed security certificate, confident that its software was safe from compromise.

“It was clear that as soon as we released the newly signed build of CCleaner, we would be tipping our hand to the malicious actors, so at that moment, we closed the temporary VPN profile,” Avast’s Chief Information Security Officer Jaya Baloo said in a blog post. “At the same time, we disabled and reset all internal user credentials. Simultaneously, effective immediately, we have implemented additional scrutiny to all releases.”

In addition, she said, the company continued to harden and further secure its environments for Avast’s business operations and product builds. A cybersecurity company being hacked is never a good look, but its transparency was seen as commendable.
