We would like to update our customers and the general public on the latest findings regarding the investigation of the recent CCleaner security incident. As published in our previous blog posts (here and here), analysis of the CnC server showed that the incident was in fact an Advanced Persistent Threat (APT) attack, targeting specific high-tech and telecommunications companies. That is, despite the fact that CCleaner is a consumer product, the purpose of the attack was not to attack consumers and their data; instead, the CCleaner customers were used to gain access to corporate networks of select large enterprises.
