The Czech-based security firm Avast reported its internal network had been accessed through a temporary and loosely protected VPN profile with compromised credentials .
The incident began on September 23 when the company noted suspicious behavior taking place on its network and started an investigation that included Czech national intelligence and cybersecurity assets. It was soon determined that Avast’s network had been accessed by a malicious actor, that the company refers to as Abiss, through a VPN that was mistakenly kept enabled and did not require multifactor authentication.
The initial discovery of suspicious activity pointed the investigators to an MS ATA/VPN where an internal Avast IP was discovered to be compromised, most likely through an employee whose credentials were stolen.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.