Czech antivirus vendor Avast says hackers were able to access its internal network using a temporary VPN account. Avast said it believes that threat actors are again looking to target CCleaner in a supply chain attack. The intruder was able to connect to a public IP address in the U.K., using a compromised username and password. The temporary VPN profile had been used by multiple sets of user credentials leading Avast to believe that its users were subject to credential theft. The intrusion was first detected on Sept. 25 by Microsoft Advanced Threats Analytics.
Source: https://threatpost.com/avast-network-breached-as-hackers-target-ccleaner-again/149358/